SB2019040950 - Fedora 30 update for webkit2gtk3
Published: April 9, 2019 Updated: April 24, 2025
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Spoofing attack (CVE-ID: CVE-2019-6251)
The disclosed vulnerability allows a remote attacker to perform a spoofing attack. The weakness exists due to improper parsing of specific HTTP content. A remote attacker can trick the victim into following a specially crafted link and perform a spoofing attack.
2) Data Handling (CVE-ID: CVE-2019-11070)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
Remediation
Install the update from the vendor's website.