MGASA-2019-0324
- Source
- https://advisories.mageia.org/MGASA-2019-0324.html
- Import Source
- https://advisories.mageia.org/MGASA-2019-0324.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2019-0324
- Related
- Published
- 2019-11-14T16:58:51Z
- Modified
- 2019-11-14T16:37:31Z
- Summary
- Updated webkit2 packages fix security vulnerabilities
- Details
-
Updated webkit2 packages fix security vulnerabilities:
Processing maliciously crafted web content may lead to universal cross site scripting (CVE-2019-8625, CVE-2019-8674, CVE-2019-8719, CVE-2019-8813)
Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-8707, CVE-2019-8710, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823)
A user may be unable to delete browsing history items (CVE-2019-8768)
Visiting a maliciously crafted website may reveal browsing history (CVE-2019-8769)
Maliciously crafted web content may violate iframe sandboxing policy (CVE-2019-8771)
- References
-
- https://advisories.mageia.org/MGASA-2019-0324.html
- https://bugs.mageia.org/show_bug.cgi?id=25657
- https://webkitgtk.org/2019/09/09/webkitgtk2.26.0-released.html
- https://webkitgtk.org/2019/09/23/webkitgtk2.26.1-released.html
- https://webkitgtk.org/2019/11/06/webkitgtk2.26.2-released.html
- https://webkitgtk.org/security/WSA-2019-0005.html
- https://webkitgtk.org/security/WSA-2019-0006.html
- https://www.openwall.com/lists/oss-security/2019/10/29/2
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / webkit2
Package
- Name
- webkit2
- Purl
- pkg:rpm/mageia/webkit2?distro=mageia-7