Debian Security Advisory 4558-1

Debian Security Advisory 4558-1: Posted Nov 5, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4558-1 - Several vulnerabilities have been discovered in the webkit2gtk web engine.; tags | advisory, web, vulnerability; systems | linux, debian; advisories | CVE-2019-8625, CVE-2019-8720, CVE-2019-8769, CVE-2019-8771; SHA-256 | 124827b95c3ad80644486b1f6071dedab7939b6d39e5b4506c46d2ec8fd675af; Download | Favorite | View

Debian Security Advisory 4558-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4558-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
November 04, 2019                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2019-8625 CVE-2019-8720 CVE-2019-8769 CVE-2019-8771

Several vulnerabilities have been discovered in the webkit2gtk web engine:

CVE-2019-8625

    Sergei Glazunov discovered that maliciously crafted web content
    may lead to universal cross site scripting.

CVE-2019-8720

    Wen Xu discovered that maliciously crafted web content may lead to
    arbitrary code execution.

CVE-2019-8769

    Pierre Reimertz discovered that visiting a maliciously crafted
    website may reveal browsing history.

CVE-2019-8771

    Eliya Stein discovered that maliciously crafted web content may
    violate iframe sandboxing policy.

For the stable distribution (buster), these problems have been fixed in
version 2.26.1-3~deb10u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3An/sACgkQEMKTtsN8
TjZv3A//UJcdspSRw9nCLFFf4Sj13DrXJoNcmLKkSh+5fTlIlYBdc8E2PT0coGtb
DIdgCoSBd3QwWbAgthkDYxtSTwgbudmDrc59UgY3aHCuvsiDRN6A53C7NMI0eWkW
DftztJ/TVVm9Ym9sNyEMve1sO5JwpPmvMA7Byxfn7+666nZX9gt5C2W2l/vsmxch
Yy7X1Eb56NPoJX66nuznb2Ak435DXRVDiP3dj05rTqdix1ok4Rh5+uho8Kzp/DXs
qAsAbAdcm+5Kk2n313+Vp2jsDOAYWesdyo2JoMw215p/qPk+AoYs91VKDa3Hr9+2
8SRZ3rny514QDFdQZ6ihGIr+eO1xS5zl184LM4bKBb0zWDdTPRP3YIuJ3GSBr5xP
oCuvZ0N4boZRwQvdO/E6wkl2ZUZJVBKH3/aIyZ0rC9JDTejMIlcCryhqjccCnHKZ
2jmuk1RrR/0emLiGGa60GV1F0gimw+5tpFyPAQHxILqSNgMhT21ak/kxTcCn3Tq8
eZi/UnwCDKOsubQlxI8Kjm+ymhVnBzRbcG5pUHzeuSIYHNnRyhN9FMfAyJbtPnVV
9Zr44CfZpqTsoMSBVlNXdMaVbSRazC7LX94TZM3gUrLMjXq8Iyy7No52sh72Exhw
H0jDUqa9sB1fXuiZYEQolUxcvuJggolnGKII1YrdOkqJfVmzCSs=HGVt
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 184 files
Ubuntu 64 files
Debian 22 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Google Security Research 6 files
Apple 6 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,009)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,174)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,460)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,433)
UNIX (9,390)
UnixWare (187)
Windows (6,648)
Other

Debian Security Advisory 4558-1

Debian Security Advisory 4558-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4558-1

Share This

Debian Security Advisory 4558-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems