734584 – (CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925) <net-libs/webkit-gtk-2.28.4: Multiple vulnerabilities (CVE-2020-{9862,9893,9894,9895,9915,9925})

Bug 734584 (CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925) - <net-libs/webkit-gtk-2.28.4: Multiple vulnerabilities (CVE-2020-{9862,9893,9894,9895,9915,9925})

Summary: <net-libs/webkit-gtk-2.28.4: Multiple vulnerabilities (CVE-2020-{9862,9893,98...

Status:	RESOLVED FIXED

Alias:	CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:	https://webkitgtk.org/security/WSA-20...
Whiteboard:	A2 [glsa+ cve]
Keywords:

Depends on:
Blocks:

Reported:	2020-07-29 16:59 UTC by John Helmert III
Modified:	2020-07-31 17:13 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	net-libs/webkit-gtk-2.28.4
Runtime testing required:	---

Flags:	nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2020-07-29 16:59:25 UTC

CVE-2020-9862:

Impact: Copying a URL from Web Inspector may lead to command injection. Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.

CVE-2020-9893:

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Description: An use-after-free issue was addressed with improved memory management.

CVE-2020-9894:

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9895:

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Description: An use-after-free issue was addressed with improved memory management.

CVE-2020-9915:

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.

CVE-2020-9925:

Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue was addressed with improved state management.



All are fixed by 2.28.4 according to $URL. Let's stable when ready?

Comment 1 Sam James archtester

2020-07-29 23:08:12 UTC

arm64 stable

Comment 2 Sam James archtester

2020-07-29 23:08:34 UTC

amd64 stable

Comment 3 Sam James archtester

2020-07-29 23:47:47 UTC

x86 stable. Please cleanup.

Comment 4 Larry the Git Cow gentoo-dev

2020-07-30 21:18:01 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e09a9c9cc6ff10e82e4d9a1f8bb6e896325ef029

commit e09a9c9cc6ff10e82e4d9a1f8bb6e896325ef029
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2020-07-30 21:17:26 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2020-07-30 21:17:52 +0000

    net-libs/webkit-gtk: security cleanup
    
    Bug: https://bugs.gentoo.org/734584
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 net-libs/webkit-gtk/Manifest                       |   1 -
 .../webkit-gtk/files/2.28.3-non-jumbo-fix2.patch   |  44 ----
 net-libs/webkit-gtk/webkit-gtk-2.28.3.ebuild       | 290 ---------------------
 3 files changed, 335 deletions(-)

Comment 5 GLSAMaker/CVETool Bot gentoo-dev

2020-07-31 17:13:37 UTC

This issue was resolved and addressed in
 GLSA 202007-61 at https://security.gentoo.org/glsa/202007-61
by GLSA coordinator Sam James (sam_c).