WebkitGTK+: Multiple vulnerabilities — GLSA 202003-22

Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution.

Affected packages

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Description

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.

Impact

A remote attacker could execute arbitrary code, cause a Denial of Service condition, bypass intended memory-read restrictions, conduct a timing side-channel attack to bypass the Same Origin Policy or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.26.4"
 

References

• CVE-2019-8625
• CVE-2019-8674
• CVE-2019-8707
• CVE-2019-8710
• CVE-2019-8719
• CVE-2019-8720
• CVE-2019-8726
• CVE-2019-8733
• CVE-2019-8735
• CVE-2019-8743
• CVE-2019-8763
• CVE-2019-8764
• CVE-2019-8765
• CVE-2019-8766
• CVE-2019-8768
• CVE-2019-8769
• CVE-2019-8771
• CVE-2019-8782
• CVE-2019-8783
• CVE-2019-8808
• CVE-2019-8811
• CVE-2019-8812
• CVE-2019-8813
• CVE-2019-8814
• CVE-2019-8815
• CVE-2019-8816
• CVE-2019-8819
• CVE-2019-8820
• CVE-2019-8821
• CVE-2019-8822
• CVE-2019-8823
• CVE-2019-8835
• CVE-2019-8844
• CVE-2019-8846
• CVE-2020-3862
• CVE-2020-3864
• CVE-2020-3865
• CVE-2020-3867
• CVE-2020-3868

Release date
March 15, 2020

Latest revision
March 15, 2020: 1

Severity
normal

Exploitable
remote

Bugzilla entries

• 699156
• 706374
• 709612