MGASA-2020-0092

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2020-0092.html
Import Source
https://advisories.mageia.org/MGASA-2020-0092.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2020-0092
Related
Published
2020-02-18T14:05:53Z
Modified
2020-02-18T13:38:35Z
Summary
Updated webkit2 packages fix security vulnerability
Details

webkit2 packages have been updated to 2.26.4 and fixed the followin security vulnerabilities:

A malicious website may be able to cause a denial of service (CVE-2020-3862).

A DOM object context may not have had a unique security origin (CVE-2020-3864).

A top-level DOM object context may have incorrectly been considered secure (CVE-2020-3865).

Processing maliciously crafted web content may lead to universal cross site scripting (CVE-2020-3867).

Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2020-3868).

References
Credits

Affected packages

Mageia:7 / webkit2

Package

Name
webkit2
Purl
pkg:rpm/mageia/webkit2?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.26.4-1.mga7

Ecosystem specific 

{
    "section": "core"
}