1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4558-1] webkit2gtk security update

    From Moritz Muehlenhoff@1:229/2 to All on Mon Nov 4 23:10:01 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4558-1 [email protected] https://www.debian.org/security/ Alberto Garcia November 04, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : webkit2gtk
    CVE ID : CVE-2019-8625 CVE-2019-8720 CVE-2019-8769 CVE-2019-8771

    Several vulnerabilities have been discovered in the webkit2gtk web engine:

    CVE-2019-8625

    Sergei Glazunov discovered that maliciously crafted web content
    may lead to universal cross site scripting.

    CVE-2019-8720

    Wen Xu discovered that maliciously crafted web content may lead to
    arbitrary code execution.

    CVE-2019-8769

    Pierre Reimertz discovered that visiting a maliciously crafted
    website may reveal browsing history.

    CVE-2019-8771

    Eliya Stein discovered that maliciously crafted web content may
    violate iframe sandboxing policy.

    For the stable distribution (buster), these problems have been fixed in
    version 2.26.1-3~deb10u1.

    We recommend that you upgrade your webkit2gtk packages.

    For the detailed security status of webkit2gtk please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3An/sACgkQEMKTtsN8 TjZv3A//UJcdspSRw9nCLFFf4Sj13DrXJoNcmLKkSh+5fTlIlYBdc8E2PT0coGtb DIdgCoSBd3QwWbAgthkDYxtSTwgbudmDrc59UgY3aHCuvsiDRN6A53C7NMI0eWkW DftztJ/TVVm9Ym9sNyEMve1sO5JwpPmvMA7Byxfn7+666nZX9gt5C2W2l/vsmxch Yy7X1Eb56NPoJX66nuznb2Ak435DXRVDiP3dj05rTqdix1ok4Rh5+uho8Kzp/DXs qAsAbAdcm+5Kk2n313+Vp2jsDOAYWesdyo2JoMw215p/qPk+AoYs91VKDa3Hr9+2 8SRZ3rny514QDFdQZ6ihGIr+eO1xS5zl184LM4bKBb0zWDdTPRP3YIuJ3GSBr5xP oCuvZ0N4boZRwQvdO/E6wkl2ZUZJVBKH3/aIyZ0rC9JDTejMIlcCryhqjccCnHKZ 2jmuk1RrR/0emLiGGa60GV1F0gimw+5tpFyPAQHxILqSNgMhT21ak/kxTcCn3Tq8 eZi/UnwCDKOsubQlxI8Kjm+ymhVnBzRbcG5pUHzeuSIYHNnRyhN9FMfAyJbtPnVV 9Zr44CfZpqTsoMSBVlNXdMaVbSRazC7LX94TZM3gUrLMjXq8Iyy7No52sh72Exhw H0jDUqa9sB1fXuiZYEQolUxcvuJggolnGKII1YrdOkqJfVmzCSs=
    =HGVt
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)