Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201909-05 ] WebkitGTK+: Multiple vulnerabilities
Date: Fri, 06 Sep 2019 16:22:58
Message-Id: b77d7aba-9bed-775a-55a7-3d53e4d7e2ea@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201909-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: WebkitGTK+: Multiple vulnerabilities
     Date: September 06, 2019
     Bugs: #683234, #686216, #693122
       ID: 201909-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk        < 2.24.4                    >= 2.24.4

Description
===========

Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.

Impact
======

An attacker, by enticing a user to visit maliciously crafted web
content, may be able to execute arbitrary code or cause memory
corruption.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebkitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.24.4"

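Added example, not part of the advisory: a POSIX shell check that walks
Portage's installed-package database (assumed to be /var/db/pkg) and reports
every installed net-libs/webkit-gtk version below the fixed version 2.24.4
from the table above. The function names and the "vulnerable"/"review"
output labels are made up for this illustration.

```shell
#!/bin/sh
# Added example: find installed net-libs/webkit-gtk versions older than the
# first unaffected version named in GLSA 201909-05.
FIXED="2.24.4"

# ver_lt A B: succeed if dotted numeric version A is strictly lower than B.
# Missing components count as 0, so 2.24 sorts below 2.24.4.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                      # leading components
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1                                        # equal versions
}

# affected_webkit_gtk [VDB]: print one line per installed version below FIXED.
# webkit-gtk is slotted, so several versions can be installed side by side.
affected_webkit_gtk() {
    vdb=${1:-/var/db/pkg}
    for dir in "$vdb"/net-libs/webkit-gtk-[0-9]*; do
        [ -d "$dir" ] || continue
        pv=${dir##*/webkit-gtk-}     # e.g. 2.22.7-r1
        pv=${pv%-r[0-9]*}            # drop the ebuild revision
        case $pv in
            *[!0-9.]*) echo "review $pv" ;;   # suffix such as _p1: check by hand
            *) if ver_lt "$pv" "$FIXED"; then echo "vulnerable $pv"; fi ;;
        esac
    done
}

affected_webkit_gtk "${VDB:-/var/db/pkg}"
```

On a live system, glsa-check -t 201909-05 from app-portage/gentoolkit runs
the equivalent test against Portage's own data.
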
References
==========

[  1 ] CVE-2019-11070
       https://nvd.nist.gov/vuln/detail/CVE-2019-11070
[  2 ] CVE-2019-6201
       https://nvd.nist.gov/vuln/detail/CVE-2019-6201
[  3 ] CVE-2019-6251
       https://nvd.nist.gov/vuln/detail/CVE-2019-6251
[  4 ] CVE-2019-7285
       https://nvd.nist.gov/vuln/detail/CVE-2019-7285
[  5 ] CVE-2019-7292
       https://nvd.nist.gov/vuln/detail/CVE-2019-7292
[  6 ] CVE-2019-8503
       https://nvd.nist.gov/vuln/detail/CVE-2019-8503
[  7 ] CVE-2019-8506
       https://nvd.nist.gov/vuln/detail/CVE-2019-8506
[  8 ] CVE-2019-8515
       https://nvd.nist.gov/vuln/detail/CVE-2019-8515
[  9 ] CVE-2019-8518
       https://nvd.nist.gov/vuln/detail/CVE-2019-8518
[ 10 ] CVE-2019-8523
       https://nvd.nist.gov/vuln/detail/CVE-2019-8523
[ 11 ] CVE-2019-8524
       https://nvd.nist.gov/vuln/detail/CVE-2019-8524
[ 12 ] CVE-2019-8535
       https://nvd.nist.gov/vuln/detail/CVE-2019-8535
[ 13 ] CVE-2019-8536
       https://nvd.nist.gov/vuln/detail/CVE-2019-8536
[ 14 ] CVE-2019-8544
       https://nvd.nist.gov/vuln/detail/CVE-2019-8544
[ 15 ] CVE-2019-8551
       https://nvd.nist.gov/vuln/detail/CVE-2019-8551
[ 16 ] CVE-2019-8558
       https://nvd.nist.gov/vuln/detail/CVE-2019-8558
[ 17 ] CVE-2019-8559
       https://nvd.nist.gov/vuln/detail/CVE-2019-8559
[ 18 ] CVE-2019-8563
       https://nvd.nist.gov/vuln/detail/CVE-2019-8563
[ 19 ] CVE-2019-8595
       https://nvd.nist.gov/vuln/detail/CVE-2019-8595
[ 20 ] CVE-2019-8607
       https://nvd.nist.gov/vuln/detail/CVE-2019-8607
[ 21 ] CVE-2019-8615
       https://nvd.nist.gov/vuln/detail/CVE-2019-8615
[ 22 ] CVE-2019-8644
       https://nvd.nist.gov/vuln/detail/CVE-2019-8644
[ 23 ] CVE-2019-8644
       https://nvd.nist.gov/vuln/detail/CVE-2019-8644
[ 24 ] CVE-2019-8649
       https://nvd.nist.gov/vuln/detail/CVE-2019-8649
[ 25 ] CVE-2019-8649
       https://nvd.nist.gov/vuln/detail/CVE-2019-8649
[ 26 ] CVE-2019-8658
       https://nvd.nist.gov/vuln/detail/CVE-2019-8658
[ 27 ] CVE-2019-8658
       https://nvd.nist.gov/vuln/detail/CVE-2019-8658
[ 28 ] CVE-2019-8666
       https://nvd.nist.gov/vuln/detail/CVE-2019-8666
[ 29 ] CVE-2019-8666
       https://nvd.nist.gov/vuln/detail/CVE-2019-8666
[ 30 ] CVE-2019-8669
       https://nvd.nist.gov/vuln/detail/CVE-2019-8669
[ 31 ] CVE-2019-8669
       https://nvd.nist.gov/vuln/detail/CVE-2019-8669
[ 32 ] CVE-2019-8671
       https://nvd.nist.gov/vuln/detail/CVE-2019-8671
[ 33 ] CVE-2019-8671
       https://nvd.nist.gov/vuln/detail/CVE-2019-8671
[ 34 ] CVE-2019-8672
       https://nvd.nist.gov/vuln/detail/CVE-2019-8672
[ 35 ] CVE-2019-8672
       https://nvd.nist.gov/vuln/detail/CVE-2019-8672
[ 36 ] CVE-2019-8673
       https://nvd.nist.gov/vuln/detail/CVE-2019-8673
[ 37 ] CVE-2019-8673
       https://nvd.nist.gov/vuln/detail/CVE-2019-8673
[ 38 ] CVE-2019-8676
       https://nvd.nist.gov/vuln/detail/CVE-2019-8676
[ 39 ] CVE-2019-8676
       https://nvd.nist.gov/vuln/detail/CVE-2019-8676
[ 40 ] CVE-2019-8677
       https://nvd.nist.gov/vuln/detail/CVE-2019-8677
[ 41 ] CVE-2019-8677
       https://nvd.nist.gov/vuln/detail/CVE-2019-8677
[ 42 ] CVE-2019-8678
       https://nvd.nist.gov/vuln/detail/CVE-2019-8678
[ 43 ] CVE-2019-8678
       https://nvd.nist.gov/vuln/detail/CVE-2019-8678
[ 44 ] CVE-2019-8679
       https://nvd.nist.gov/vuln/detail/CVE-2019-8679
[ 45 ] CVE-2019-8679
       https://nvd.nist.gov/vuln/detail/CVE-2019-8679
[ 46 ] CVE-2019-8680
       https://nvd.nist.gov/vuln/detail/CVE-2019-8680
[ 47 ] CVE-2019-8680
       https://nvd.nist.gov/vuln/detail/CVE-2019-8680
[ 48 ] CVE-2019-8681
       https://nvd.nist.gov/vuln/detail/CVE-2019-8681
[ 49 ] CVE-2019-8681
       https://nvd.nist.gov/vuln/detail/CVE-2019-8681
[ 50 ] CVE-2019-8683
       https://nvd.nist.gov/vuln/detail/CVE-2019-8683
[ 51 ] CVE-2019-8683
       https://nvd.nist.gov/vuln/detail/CVE-2019-8683
[ 52 ] CVE-2019-8684
       https://nvd.nist.gov/vuln/detail/CVE-2019-8684
[ 53 ] CVE-2019-8684
       https://nvd.nist.gov/vuln/detail/CVE-2019-8684
[ 54 ] CVE-2019-8686
       https://nvd.nist.gov/vuln/detail/CVE-2019-8686
[ 55 ] CVE-2019-8686
       https://nvd.nist.gov/vuln/detail/CVE-2019-8686
[ 56 ] CVE-2019-8687
       https://nvd.nist.gov/vuln/detail/CVE-2019-8687
[ 57 ] CVE-2019-8687
       https://nvd.nist.gov/vuln/detail/CVE-2019-8687
[ 58 ] CVE-2019-8688
       https://nvd.nist.gov/vuln/detail/CVE-2019-8688
[ 59 ] CVE-2019-8688
       https://nvd.nist.gov/vuln/detail/CVE-2019-8688
[ 60 ] CVE-2019-8689
       https://nvd.nist.gov/vuln/detail/CVE-2019-8689
[ 61 ] CVE-2019-8689
       https://nvd.nist.gov/vuln/detail/CVE-2019-8689
[ 62 ] CVE-2019-8690
       https://nvd.nist.gov/vuln/detail/CVE-2019-8690
[ 63 ] CVE-2019-8690
       https://nvd.nist.gov/vuln/detail/CVE-2019-8690
[ 64 ] WSA-2019-0002
       https://webkitgtk.org/security/WSA-2019-0002.html
[ 65 ] WSA-2019-0004
       https://webkitgtk.org/security/WSA-2019-0004.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201909-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2019 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
