SB2020020538 - Buffer overflow in webkit2gtk (Alpine package)
Published: February 5, 2020
Security Bulletin ID
SB2020020538
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2019-8844)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=43e01333a71cc5e29a1531339917c8a64b193b2c
- https://git.alpinelinux.org/aports/commit/?id=5ec68bc860a804071e2c87c146a829949ecd9823
- https://git.alpinelinux.org/aports/commit/?id=8b3a46c2ec060d51fc769e3ce9157a90230833cf
- https://git.alpinelinux.org/aports/commit/?id=bd1f76291160c4dc84308545b201676bef6f1471