Mageia alert MGASA-2022-0059 (webkit2)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2022-0059: Updated webkit2 packages fix security vulnerability | |
| Date: | Sat, 12 Feb 2022 18:32:36 +0100 | |
| Message-ID: | <20220212173236.A30D4A0101@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2022-0059 - Updated webkit2 packages fix security vulnerability Publication date: 12 Feb 2022 URL: https://advisories.mageia.org/MGASA-2022-0059.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-22589, CVE-2022-22590, CVE-2022-22592 Description: Processing a maliciously crafted mail message may lead to running arbitrary javascript. Description: A validation issue was addressed with improved input sanitization. (CVE-2022-22589) Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free issue was addressed with improved memory management. (CVE-2022-22590) Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: A logic issue was addressed with improved state management. (CVE-2022-22592) References: - https://bugs.mageia.org/show_bug.cgi?id=30018 - https://webkitgtk.org/security/WSA-2022-0002.html - https://webkitgtk.org/2022/02/09/webkitgtk2.34.5-released... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... SRPMS: - 8/core/webkit2-2.34.5-1.mga8