[3.10] webkit2gtk: Multiple vulnerabilities (CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE….CVE-2019-8622, CVE-2019-8623)
CVE-2019-6251
Processing maliciously crafted web content may lead to spoofing.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8506
Processing maliciously crafted web content may lead to arbitrary code
execution.
A type confusion issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8524
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8535
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved state
management.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8536
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8544
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
CVE-2019-8551
Processing maliciously crafted web content may lead to universal cross
site scripting.
A logic issue was addressed with improved validation.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8558
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8559
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8563
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-11070
WebKitGTK and WPE WebKit failed to properly apply configured HTTP proxy
settings when downloading livestream video (HLS, DASH, or Smooth
Streaming),
an error resulting in deanonymization. This issue was corrected by
changing the way livestreams are downloaded.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
Reference:
https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-6237
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8571
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8583
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8584
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8586
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8587
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8594
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8595
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
CVE-2019-8596
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8597
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8601
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8607
Processing maliciously crafted web content may result in the disclosure
of process memory.
An out-of-bounds read was addressed with improved input validation.
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
CVE-2019-8608
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8609
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8610
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8615
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
CVE-2019-8611
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8619
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.1.
CVE-2019-8622
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
CVE-2019-8623
Processing maliciously crafted web content may lead to arbitrary code
execution.
Multiple memory corruption issues were addressed with improved memory
handling.
Versions affected: WebKitGTK and WPE WebKit before 2.24.0.
Reference:
https://webkitgtk.org/security/WSA-2019-0003.html
(from redmine: issue id 10599, created on 2019-06-21)
- Relations:
- parent #10597