Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
TitleWebkitGTK+: Multiple vulnerabilities
Informations
NameGLSA-201903-12First vendor Publication2019-03-14
VendorGentooLast vendor Modification2019-03-14
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Description

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.

Impact

An attacker could execute arbitrary code or conduct cross-site scripting.

Workaround

There is no known workaround at this time.

Resolution

All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.6"

References

[ 1 ] CVE-2019-6212 : https://nvd.nist.gov/vuln/detail/CVE-2019-6212
[ 2 ] CVE-2019-6215 : https://nvd.nist.gov/vuln/detail/CVE-2019-6215
[ 3 ] CVE-2019-6216 : https://nvd.nist.gov/vuln/detail/CVE-2019-6216
[ 4 ] CVE-2019-6217 : https://nvd.nist.gov/vuln/detail/CVE-2019-6217
[ 5 ] CVE-2019-6226 : https://nvd.nist.gov/vuln/detail/CVE-2019-6226
[ 6 ] CVE-2019-6227 : https://nvd.nist.gov/vuln/detail/CVE-2019-6227
[ 7 ] CVE-2019-6229 : https://nvd.nist.gov/vuln/detail/CVE-2019-6229
[ 8 ] CVE-2019-6233 : https://nvd.nist.gov/vuln/detail/CVE-2019-6233
[ 9 ] CVE-2019-6234 : https://nvd.nist.gov/vuln/detail/CVE-2019-6234

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201903-12

Original Source

Url : http://security.gentoo.org/glsa/glsa-201903-12.xml

CWE : Common Weakness Enumeration

%idName
78 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
11 %CWE-704Incorrect Type Conversion or Cast
11 %CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application21
Application226
Application157
Application286
Os169
Os67
Os28
Os2
Os1

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2019-03-14 05:18:31
  • First insertion