ASA-202002-7 log generated external raw

[ASA-202002-7] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-202002-7 ========================================= Severity: Critical Date : 2020-02-12 CVE-ID : CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 Package : webkit2gtk Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1098 Summary ======= The package webkit2gtk before version 2.26.3-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 2.26.3-1. # pacman -Syu "webkit2gtk>=2.26.3-1" The problems have been fixed upstream in version 2.26.3. Workaround ========== None. Description =========== - CVE-2019-8835 (arbitrary code execution) Multiple memory corruption issues have been found in WebKitGTK before 2.26.3, where processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8844 (arbitrary code execution) Multiple memory corruption issues have been found in WebKitGTK before 2.26.3, where processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8846 (arbitrary code execution) Multiple memory corruption issues have been found in WebKitGTK before 2.26.3, where processing maliciously crafted web content may lead to arbitrary code execution. Impact ====== A remote attacker can execute code on the affected host via maliciously crafted web content. References ========== https://webkitgtk.org/security/WSA-2020-0001.html https://webkitgtk.org/security/WSA-2020-0001.html#CVE-2019-8835 https://webkitgtk.org/security/WSA-2020-0001.html#CVE-2019-8844 https://webkitgtk.org/security/WSA-2020-0001.html#CVE-2019-8846 https://security.archlinux.org/CVE-2019-8835 https://security.archlinux.org/CVE-2019-8844 https://security.archlinux.org/CVE-2019-8846