AVG-1100 log

Package webkit2gtk
Status Fixed
Severity High
Type multiple issues
Affected 2.26.3-1
Fixed 2.26.4-1
Current 2.28.4-1 [extra]
Ticket None
Created Fri Feb 14 15:46:32 2020
Issue Severity Remote Type Description
CVE-2020-3868 High Yes Arbitrary code execution
Processing maliciously crafted web content may lead to arbitrary code execution. Credit to Marcin Towalski of Cisco Talos.
CVE-2020-3867 High Yes Cross-site scripting
Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2020-3865 High Yes Sandbox escape
A top-level DOM object context may have incorrectly been considered secure.
CVE-2020-3864 Medium Yes Same-origin policy bypass
A DOM object context may not have had a unique security origin.
CVE-2020-3862 Medium Yes Denial of service
A malicious website may be able to cause a denial of service.
Date Advisory Package Description
17 Feb 2020 ASA-202002-10 webkit2gtk multiple issues
References
https://webkitgtk.org/security/WSA-2020-0002.html