Opened 4 years ago
Closed 4 years ago
#13856 closed enhancement (fixed)
webkitgtk-2.28.4
Reported by: | Bruce Dubbs | Owned by: | Pierre Labastie |
---|---|---|---|
Priority: | high | Milestone: | 10.0 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (5)
comment:1 by , 4 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 4 years ago
comment:5 by , 4 years ago
Priority: | normal → high |
---|
Security fixes:
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0007 Date Reported: July 29, 2020 Advisory ID: WSA-2020-0007 CVE identifiers: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2020-9862 Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4. Credit to Ophir Lojkine (@lovasoa). Impact: Copying a URL from Web Inspector may lead to command injection. Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. CVE-2020-9893 Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4. Credit to 0011 working with Trend Micro Zero Day Initiative. Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Description: An use-after-free issue was addressed with improved memory management. CVE-2020-9894 Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4. Credit to 0011 working with Trend Micro Zero Day Initiative. Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9895 Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4. Credit to Wen Xu of SSLab, Georgia Tech. Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Description: An use-after-free issue was addressed with improved memory management. CVE-2020-9915 Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4. Credit to Ayoub AIT ELMOKHTAR of Noon. Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. CVE-2020-9925 Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4. Credit to an anonymous researcher. Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue was addressed with improved state management. We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.
comment:6 by , 4 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at r23433. Errata updated
Note:
See TracTickets
for help on using tickets.
Looks like security advisories are posted one day after the release