{"id":"MGASA-2019-0281","summary":"Updated webkit2 packages fix security vulnerabilities","details":"Updated webkit2 packages fix security vulnerabilities:\n\nProcessing maliciously crafted web content may lead to arbitrary code\nexecution. Multiple memory corruption issues were addressed with\nimproved memory handling (CVE-2019-8644).\n\nProcessing maliciously crafted web content may lead to universal cross\nsite scripting. A logic issue existed in the handling of synchronous\npage loads. This issue was addressed with improved state management\n(CVE-2019-8649).\n\nProcessing maliciously crafted web content may lead to universal cross\nsite scripting. A logic issue was addressed with improved state management\n(CVE-2019-8658).\n\nProcessing maliciously crafted web content may lead to arbitrary code\nexecution. Multiple memory corruption issues were addressed with improved\nmemory handling (CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672,\nCVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679,\nCVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686,\nCVE-2019-8687, CVE-2019-8688, CVE-2019-8689).\n\nProcessing maliciously crafted web content may lead to universal cross\nsite scripting. A logic issue existed in the handling of document loads.\nThis issue was addressed with improved state management (CVE-2019-8690).\n\nFor other fixes in this update, see the referenced release links.\n","modified":"2026-02-04T03:58:30.694267Z","published":"2019-09-15T14:45:31Z","related":["CVE-2019-8644","CVE-2019-8649","CVE-2019-8658","CVE-2019-8666","CVE-2019-8669","CVE-2019-8671","CVE-2019-8672","CVE-2019-8673","CVE-2019-8676","CVE-2019-8677","CVE-2019-8678","CVE-2019-8679","CVE-2019-8680","CVE-2019-8681","CVE-2019-8683","CVE-2019-8684","CVE-2019-8686","CVE-2019-8687","CVE-2019-8688","CVE-2019-8689","CVE-2019-8690"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0281.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25377"},{"type":"REPORT","url":"https://webkitgtk.org/security/WSA-2019-0004.html"},{"type":"REPORT","url":"https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html"},{"type":"REPORT","url":"https://webkitgtk.org/2019/08/28/webkitgtk2.24.4-released.html"}],"affected":[{"package":{"name":"webkit2","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/webkit2?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.24.4-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0281.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}