Arch Linux Security Advisory ASA-202011-28
==========================================

Severity: Medium
Date    : 2020-11-26
CVE-ID  : CVE-2020-9983 CVE-2020-13543 CVE-2020-13584
Package : webkit2gtk
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1291

Summary
=======

The package webkit2gtk before version 2.30.3-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 2.30.3-1.

# pacman -Syu "webkit2gtk>=2.30.3-1"

The problems have been fixed upstream in version 2.30.3.

Workaround
==========

None.

Description
===========

- CVE-2020-9983 (arbitrary code execution)

An out-of-bounds write issue was found in webkit2gtk before 2.30.3.
Processing maliciously crafted web content may have led to code
execution.

- CVE-2020-13543 (arbitrary code execution)

A use after free issue was found in webkit2gtk before 2.30.3.
Processing maliciously crafted web content may lead to arbitrary code
execution.

- CVE-2020-13584 (arbitrary code execution)

A use after free issue was found in webkit2gtk before 2.30.3.
Processing maliciously crafted web content may have led to arbitrary
code execution.

Impact
======

A remote attacker might be able to execute arbitrary code via crafted
web content.

References
==========

https://webkitgtk.org/security/WSA-2020-0008.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9983
https://webkitgtk.org/security/WSA-2020-0009.html#CVE-2020-13543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13584
https://security.archlinux.org/CVE-2020-9983
https://security.archlinux.org/CVE-2020-13543
https://security.archlinux.org/CVE-2020-13584
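
Added example (not part of the advisory): a shell check that compares the installed webkit2gtk version against the fixed version 2.30.3-1 given under Resolution. The function names are illustrative; vercmp ships with pacman, and the `sort -V` fallback for hosts without it is an assumption that only holds for plain x.y.z-rel version strings.

```shell
#!/bin/sh
# Package and first fixed version, both taken from ASA-202011-28.
PKG="webkit2gtk"
FIXED="2.30.3-1"

# version_at_least INSTALLED MINIMUM -> exit 0 if INSTALLED >= MINIMUM.
# Prefers pacman's vercmp (understands epoch and pkgrel); otherwise
# falls back to GNU-style version sort (assumption, see lead-in).
version_at_least() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -ge 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# asa_status VERSION -> prints "fixed" or "vulnerable".
asa_status() {
    if version_at_least "$1" "$FIXED"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# check_host: query the local pacman database and report the status.
# Exit status is non-zero only when a vulnerable version is installed.
check_host() {
    installed=$(pacman -Q "$PKG" 2>/dev/null | awk '{print $2}')
    if [ -z "$installed" ]; then
        echo "$PKG: not installed"
        return 0
    fi
    status=$(asa_status "$installed")
    echo "$PKG $installed: $status (fixed in $FIXED)"
    [ "$status" = fixed ]
}

# Only touch the package database on hosts that actually have pacman.
if command -v pacman >/dev/null 2>&1; then
    check_host
fi
```

Run as-is on an Arch host, the script exits non-zero when a version older than 2.30.3-1 is installed, so it can gate a fleet-wide compliance check.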