Last active
April 16, 2020 12:54
-
-
Save denisse-dev/ecdf961cd6f0ea6edfb3bf40dd3e465a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Arch Linux Security Advisory ASA-202004-15 | |
| ========================================= | |
| Severity: Critical | |
| Date : 2020-04-16 | |
| CVE-ID : CVE-2020-11793 | |
| Package : webkit2gtk | |
| Type : arbitrary code execution | |
| Remote : Yes | |
| Link : https://security.archlinux.org/AVG-???? | |
| Summary | |
| ======= | |
| The package webkit2gtk before version 2.28.1 is vulnerable to | |
| arbitrary code execution. | |
| Resolution | |
| ========== | |
| Upgrade to 2.28.1. | |
| # pacman -Syu "webkit2gtk>=2.28.1-1" | |
| The problem has been fixed upstream in version 2.28.1. | |
| Workaround | |
| ========== | |
| None. | |
| Description | |
| =========== | |
| A use-after-free has been found in WebKitGTK before 2.28.1, where | |
| processing maliciously crafted web content may lead to arbitrary code | |
| execution. | |
| Impact | |
| ====== | |
| A remote attacker can execute arbitrary code via specially crafted web | |
| content. | |
| References | |
| ========== | |
| https://webkitgtk.org/security/WSA-2020-0004.html | |
| https://security.archlinux.org/CVE-2020-11793 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment