Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201903-12 ] WebkitGTK+: Multiple vulnerabilities
Date: Thu, 14 Mar 2019 01:53:14
Message-Id: 20190314013814.GD14998@monkey
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201903-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: March 14, 2019
Bugs: #672108, #674702, #678334
ID: 201903-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk          < 2.22.6                  >= 2.22.6

Description
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.

Impact
======

An attacker could execute arbitrary code or conduct cross-site
scripting.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebkitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.6"

References
==========

[ 1 ] CVE-2019-6212
      https://nvd.nist.gov/vuln/detail/CVE-2019-6212
[ 2 ] CVE-2019-6215
      https://nvd.nist.gov/vuln/detail/CVE-2019-6215
[ 3 ] CVE-2019-6216
      https://nvd.nist.gov/vuln/detail/CVE-2019-6216
[ 4 ] CVE-2019-6217
      https://nvd.nist.gov/vuln/detail/CVE-2019-6217
[ 5 ] CVE-2019-6226
      https://nvd.nist.gov/vuln/detail/CVE-2019-6226
[ 6 ] CVE-2019-6227
      https://nvd.nist.gov/vuln/detail/CVE-2019-6227
[ 7 ] CVE-2019-6229
      https://nvd.nist.gov/vuln/detail/CVE-2019-6229
[ 8 ] CVE-2019-6233
      https://nvd.nist.gov/vuln/detail/CVE-2019-6233
[ 9 ] CVE-2019-6234
      https://nvd.nist.gov/vuln/detail/CVE-2019-6234

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201903-12

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
