USN-4178-1: WebKitGTK+ vulnerabilities

🗓️ 07 Nov 2019 14:02:48Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 156 Views

Vulnerabilities in WebKitGTK+ for Ubuntu 19.04 and 18.04 ESM, webkit2gtk package

Reporter	Title	Published	Views	Family All 194
FreeBSD	webkit2-gtk3 -- Multiple vulnerabilities	29 Oct 201900:00	–	freebsd
ATTACKERKB	CVE-2019-8720	6 Mar 202300:00	–	attackerkb
Tenable Nessus	Amazon Linux 2 : webkitgtk4 (ALAS-2020-1563)	11 Nov 202000:00	–	nessus
Tenable Nessus	AlmaLinux 8 : GNOME (ALSA-2020:4451)	9 Feb 202200:00	–	nessus
Tenable Nessus	Apple iOS < 13.1 Multiple Vulnerabilities (HT210603)	14 Jul 202100:00	–	nessus
Tenable Nessus	CentOS 8 : GNOME (CESA-2020:4451)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 7 : webkitgtk4 (RHSA-2020:4035)	30 Nov 202000:00	–	nessus
Tenable Nessus	Debian DSA-4558-1 : webkit2gtk - security update	6 Nov 201900:00	–	nessus
Tenable Nessus	Fedora 30 : webkit2gtk3 (2019-99db7a510e)	4 Nov 201900:00	–	nessus
Tenable Nessus	FreeBSD : webkit2-gtk3 -- Multiple vulnerabilities (92243b6a-5775-4aea-8727-a938058df5ba)	1 Nov 201900:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	18.04	any	gir1.2-javascriptcoregtk-4.0	2.26.1-0ubuntu0.18.04.1	gir1.2-javascriptcoregtk-4.0_2.26.1-0ubuntu0.18.04.1_any.deb
Ubuntu	19.04	any	gir1.2-javascriptcoregtk-4.0	2.26.1-0ubuntu0.19.04.3	gir1.2-javascriptcoregtk-4.0_2.26.1-0ubuntu0.19.04.3_any.deb

07 Nov 2019 14:02Current

6.7Medium risk

Vulners AI Score6.7

CVSS 24.3

CVSS 3.18.8

EPSS0.01556

SSVC

ubuntu webkitgtk+web content engine security issues remote attacker cross-site scripting denial of service arbitrary code execution unix