Note:
This project will be discontinued after December 13, 2021. [more]
2020-03-02
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
Products | Ubuntu_linux, Debian_linux, Fedora, Leap, Webkitgtk, Wpe_webkit |
Type | Use After Free (CWE-416) |
First patch | - None (likely due to unavailable code) |
Links |
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K/
• https://www.debian.org/security/2020/dsa-4641 • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html • https://webkitgtk.org/security/WSA-2020-0003.html • https://usn.ubuntu.com/4310-1/ |