| Summary: | webkit2 security issue fixed upstream (WSA-2020-0003, CVE-2020-10018) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, nicolas.salguero, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | webkit2-2.26.4-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-03-13 18:00:18 CET
Updated package uploaded by Nicolas. Advisory: ======================== Updated webkit2 packages fix security vulnerability: WebKitGTK through 2.26.4 contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution (CVE-2020-10018). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10018 https://webkitgtk.org/2020/03/10/webkitgtk2.28.0-released.html https://webkitgtk.org/security/WSA-2020-0003.html ======================== Updated packages in core/updates_testing: ======================== webkit2-2.28.0-1.mga7 webkit2-jsc-2.28.0-1.mga7 libwebkit2gtk4.0_37-2.28.0-1.mga7 libjavascriptcoregtk4.0_18-2.28.0-1.mga7 libwebkit2-devel-2.28.0-1.mga7 libjavascriptcore-gir4.0-2.28.0-1.mga7 libwebkit2gtk-gir4.0-2.28.0-1.mga7 from webkit2-2.28.0-1.mga7.src.rpm CC:
(none) =>
nicolas.salguero
Thomas Backlund
2020-03-14 08:57:13 CET
CC:
(none) =>
tmb MGA7-64 Plasma on Lenovo B50 Noinstallation issues. Ref bug 26127 for test. $ zenity --calendar pick March 24 on it and get feedback. 24/03/20 OK for me. CC:
(none) =>
herman.viaene Validating. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0144.html Status:
NEW =>
RESOLVED |