Mageia 2019-0324: webkit2 security update
Summary
Updated webkit2 packages fix security vulnerabilities:
Processing maliciously crafted web content may lead to universal cross
site scripting (CVE-2019-8625, CVE-2019-8674, CVE-2019-8719, CVE-2019-8813)
Processing maliciously crafted web content may lead to arbitrary code
execution (CVE-2019-8707, CVE-2019-8710, CVE-2019-8720, CVE-2019-8726,
CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764,
CVE-2019-8765, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808,
CVE-2019-8811, CVE-2019-8812, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816,
CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823)
A user may be unable to delete browsing history items (CVE-2019-8768)
Visiting a maliciously crafted website may reveal browsing history
(CVE-2019-8769)
Maliciously crafted web content may violate iframe sandboxing policy
(CVE-2019-8771)
References
- https://bugs.mageia.org/show_bug.cgi?id=25657
- https://webkitgtk.org/2019/09/09/webkitgtk2.26.0-released.html
- https://webkitgtk.org/2019/09/23/webkitgtk2.26.1-released.html
- https://webkitgtk.org/2019/11/06/webkitgtk2.26.2-released.html
- https://webkitgtk.org/security/WSA-2019-0005.html
- https://webkitgtk.org/security/WSA-2019-0006.html
- https://www.openwall.com/lists/oss-security/2019/10/29/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8625
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8674
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8707
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8710
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8719
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8720
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8726
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8733
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8735
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8743
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8763
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8764
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8765
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8766
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8768
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8769
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8771
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8782
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8783
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8808
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8811
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8812
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8813
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8814
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8815
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8816
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8819
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8820
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8821
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8822
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8823
Resolution
MGASA-2019-0324 - Updated webkit2 packages fix security vulnerabilities
SRPMS
- 7/core/webkit2-2.26.2-1.mga7