Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2020:4035: Red Hat Security Advisory: webkitgtk4 security, bug fix, and enhancement update

An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144) Security Fix(es):

  • webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. Related CVEs:
  • CVE-2019-6237: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-6251: webkitgtk: processing maliciously crafted web content lead to URI spoofing
  • CVE-2019-8506: webkitgtk: malicous web content leads to arbitrary code execution
  • CVE-2019-8524: webkitgtk: malicious web content leads to arbitrary code execution
  • CVE-2019-8535: webkitgtk: malicious crafted web content leads to arbitrary code execution
  • CVE-2019-8536: webkitgtk: malicious crafted web content leads to arbitrary code execution
  • CVE-2019-8544: webkitgtk: malicious crafted web content leads to arbitrary we content
  • CVE-2019-8551: webkitgtk: malicious web content leads to cross site scripting
  • CVE-2019-8558: webkitgtk: malicious crafted web content leads to arbitrary code execution
  • CVE-2019-8559: webkitgtk: malicious web content leads to arbitrary code execution
  • CVE-2019-8563: webkitgtk: malicious web content leads to arbitrary code execution
  • CVE-2019-8571: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8583: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8584: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8586: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8587: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8594: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8595: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8596: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8597: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8601: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8607: webkitgtk: Out-of-bounds read leading to memory disclosure
  • CVE-2019-8608: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8609: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8610: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8611: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8615: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8619: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8622: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8623: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8625: webkitgtk: Incorrect state management leading to universal cross-site scripting
  • CVE-2019-8644: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8649: webkitgtk: Incorrect state management leading to universal cross-site scripting
  • CVE-2019-8658: webkitgtk: Incorrect state management leading to universal cross-site scripting
  • CVE-2019-8666: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8669: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8671: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8672: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8673: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8674: webkitgtk: Incorrect state management leading to universal cross-site scripting
  • CVE-2019-8676: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8677: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8678: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8679: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8680: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8681: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8683: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8684: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8686: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8687: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8688: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8689: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8690: webkitgtk: Incorrect state management leading to universal cross-site scripting
  • CVE-2019-8707: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8710: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8719: webkitgtk: Incorrect state management leading to universal cross-site scripting
  • CVE-2019-8720: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8726: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8733: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8735: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8743: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8763: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8764: webkitgtk: Incorrect state management leading to universal cross-site scripting
  • CVE-2019-8765: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8766: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8768: webkitgtk: Browsing history could not be deleted
  • CVE-2019-8769: webkitgtk: Websites could reveal browsing history
  • CVE-2019-8771: webkitgtk: Violation of iframe sandboxing policy
  • CVE-2019-8782: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8783: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8808: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8811: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8812: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8813: webkitgtk: Incorrect state management leading to universal cross-site scripting
  • CVE-2019-8814: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8815: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8816: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8819: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8820: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8821: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8822: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8823: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2019-8835: webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2019-8844: webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2019-8846: webkitgtk: Use after free issue may lead to remote code execution
  • CVE-2019-11070: webkitgtk: HTTP proxy setting deanonymization information disclosure
  • CVE-2020-3862: webkitgtk: Denial of service via incorrect memory handling
  • CVE-2020-3864: webkitgtk: Non-unique security origin for DOM object contexts
  • CVE-2020-3865: webkitgtk: Incorrect security check for a top-level DOM object context
  • CVE-2020-3867: webkitgtk: Incorrect state management leading to universal cross-site scripting
  • CVE-2020-3868: webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
  • CVE-2020-3885: webkitgtk: Incorrect processing of file URLs
  • CVE-2020-3894: webkitgtk: Race condition allows reading of restricted memory
  • CVE-2020-3895: webkitgtk: Memory corruption triggered by a malicious web content
  • CVE-2020-3897: webkitgtk: Type confusion leading to arbitrary code execution
  • CVE-2020-3899: webkitgtk: Memory consumption issue leading to arbitrary code execution
  • CVE-2020-3900: webkitgtk: Memory corruption triggered by a malicious web content
  • CVE-2020-3901: webkitgtk: Type confusion leading to arbitrary code execution
  • CVE-2020-3902: webkitgtk: Input validation issue leading to cross-site script attack
  • CVE-2020-10018: webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
  • CVE-2020-11793: webkitgtk: use-after-free via crafted web content
  • CVE-2021-30666: webkitgtk: Buffer overflow leading to arbitrary code execution
  • CVE-2021-30761: webkitgtk: Memory corruption leading to arbitrary code execution
  • CVE-2021-30762: webkitgtk: Use-after-free leading to arbitrary code execution
Red Hat Security Data
Open in Source
#vulnerability#web#linux#red_hat#dos

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data