Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-4681-1 webkit2gtk -- security update

Related Vulnerabilities: CVE-2020-3885   CVE-2020-3894   CVE-2020-3895   CVE-2020-3897   CVE-2020-3899   CVE-2020-3900   CVE-2020-3901   CVE-2020-3902  

The following vulnerability has been discovered in the webkit2gtk web engine: CVE-2020-3885 Ryan Pickren discovered that a file URL may be incorrectly processed. CVE-2020-3894 Sergei Glazunov discovered that a race condition may allow an application to read restricted memory. CVE-2020-3895 grigoritchy discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3897 Brendan Draper discovered that a remote attacker may be able to cause arbitrary code execution. CVE-2020-3899 OSS-Fuzz discovered that a remote attacker may be able to cause arbitrary code execution. CVE-2020-3900 Dongzhuo Zhao discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3901 Benjamin Randazzo discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3902 Yigit Can Yilmaz discovered that processing maliciously crafted web content may lead to a cross site scripting attack. For the stable distribution (buster), these problems have been fixed in version 2.28.2-2~deb10u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

Source

Debian Security Advisory

DSA-4681-1 webkit2gtk -- security update

Date Reported:
07 May 2020
Affected Packages:
webkit2gtk
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902.
More information:

The following vulnerability has been discovered in the webkit2gtk web engine:

  • CVE-2020-3885

    Ryan Pickren discovered that a file URL may be incorrectly processed.

  • CVE-2020-3894

    Sergei Glazunov discovered that a race condition may allow an application to read restricted memory.

  • CVE-2020-3895

    grigoritchy discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2020-3897

    Brendan Draper discovered that a remote attacker may be able to cause arbitrary code execution.

  • CVE-2020-3899

    OSS-Fuzz discovered that a remote attacker may be able to cause arbitrary code execution.

  • CVE-2020-3900

    Dongzhuo Zhao discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2020-3901

    Benjamin Randazzo discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2020-3902

    Yigit Can Yilmaz discovered that processing maliciously crafted web content may lead to a cross site scripting attack.

For the stable distribution (buster), these problems have been fixed in version 2.28.2-2~deb10u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started