DSA-4681-1

Details

CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902

The following vulnerability has been discovered in the webkit2gtk web engine:

CVE-2020-3885

Ryan Pickren discovered that a file URL may be incorrectly
processed.

CVE-2020-3894

Sergei Glazunov discovered that a race condition may allow an
application to read restricted memory.

CVE-2020-3895

grigoritchy discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2020-3897

Brendan Draper discovered that a remote attacker may be able to
cause arbitrary code execution.

CVE-2020-3899

OSS-Fuzz discovered that A remote attacker may be able to cause
arbitrary code execution.

CVE-2020-3900

Dongzhuo Zhao discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2020-3901

Benjamin Randazzo discovered that processing maliciously crafted
web content may lead to arbitrary code execution.

CVE-2020-3902

Yigit Can Yilmaz discovered that processing maliciously crafted
web content may lead to a cross site scripting attack.

Affected Packages

webkit2gtk

Debian 10

Fixed in:

2.28.2-2~deb10u1

References