AVG-1203 log

Package webkit2gtk
Status Fixed
Severity Critical
Type multiple issues
Affected 2.28.2-2
Fixed 2.28.3-1
Current 2.28.4-1 [extra]
Ticket None
Created Fri Jul 10 12:31:24 2020
Issue Severity Remote Type Description
CVE-2020-13753 High No Sandbox escape
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER...
CVE-2020-9850 Critical Yes Arbitrary code execution
A logic issue has been found in WebKitGTK before 2.28.3 and WPE WebKit before 2.2.8.3, allowing a remote attacker to execute arbitrary code.
CVE-2020-9843 Medium Yes Cross-site scripting
An issue has been found in WebKitGTK before 2.28.3 and WPE WebKit before 2.2.8.3, where processing maliciously crafted web content may lead to a cross site...
CVE-2020-9807 Critical Yes Arbitrary code execution
A memory corruption issue has been found in WebKitGTK before 2.28.3 and WPE WebKit before 2.2.8.3, where processing maliciously crafted web content may lead...
CVE-2020-9806 Critical Yes Arbitrary code execution
A memory corruption issue has been found in WebKitGTK before 2.28.3 and WPE WebKit before 2.2.8.3, where processing maliciously crafted web content may lead...
CVE-2020-9805 High Yes Cross-site scripting
A logic issue has been found in WebKitGTK before 2.28.3 and WPE WebKit before 2.2.8.3, where processing maliciously crafted web content may lead to...
CVE-2020-9803 Critical Yes Arbitrary code execution
A memory corruption issue has been found in WebKitGTK before 2.28.3 and WPE WebKit before 2.2.8.3, where processing maliciously crafted web content may lead...
CVE-2020-9802 Critical Yes Arbitrary code execution
A memory corruption issue has been found in WebKitGTK before 2.28.3 and WPE WebKit before 2.2.8.3, where processing maliciously crafted web content may lead...
Date Advisory Package Description
14 Jul 2020 ASA-202007-1 webkit2gtk multiple issues
References
https://webkitgtk.org/security/WSA-2020-0006.html