Skip to content

GitLab

Closed
Opened by Alicha CH@alichaReporter

[3.10] webkit2gtk: Multiple vulnerabilities (CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE….CVE-2019-8622, CVE-2019-8623)

CVE-2019-6251

Processing maliciously crafted web content may lead to spoofing.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.

CVE-2019-8506

Processing maliciously crafted web content may lead to arbitrary code execution.
A type confusion issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8524

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8535

Processing maliciously crafted web content may lead to arbitrary code execution.
A memory corruption issue was addressed with improved state management.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8536

Processing maliciously crafted web content may lead to arbitrary code execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8544

Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Processing maliciously crafted web content may lead to arbitrary code execution.
A memory corruption issue was addressed with improved memory handling.

CVE-2019-8551

Processing maliciously crafted web content may lead to universal cross site scripting.
A logic issue was addressed with improved validation.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8558

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8559

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8563

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-11070

WebKitGTK and WPE WebKit failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming),
an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.

Reference:

https://webkitgtk.org/security/WSA-2019-0002.html

CVE-2019-6237

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.

CVE-2019-8571

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8583

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8584

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.

CVE-2019-8586

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8587

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.

CVE-2019-8594

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8595

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.

CVE-2019-8596

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.

CVE-2019-8597
Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.

CVE-2019-8601

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.

CVE-2019-8607

Processing maliciously crafted web content may result in the disclosure of process memory.
An out-of-bounds read was addressed with improved input validation.
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.

CVE-2019-8608

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.

CVE-2019-8609

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8610

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.

CVE-2019-8615

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.

CVE-2019-8611

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8619

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.

CVE-2019-8622

Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

CVE-2019-8623
Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.

Reference:

https://webkitgtk.org/security/WSA-2019-0003.html

(from redmine: issue id 10599, created on 2019-06-21)

  • Relations:
    • parent #10597
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information