Debian: Security Advisory for webkit2gtk (DSA-4724-1)

The remote host is missing an update for the 'webkit2gtk' package(s) announced via the DSA-4724-1 advisory.

The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-9802 Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9803 Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9805 An anonymous researcher discovered that processing maliciously crafted web content may lead to universal cross site scripting. CVE-2020-9806 Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9807 Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9843 Ryan Pickren discovered that processing maliciously crafted web content may lead to a cross site scripting attack. CVE-2020-9850 @jinmo123, @setuid0x0_, and @insu_yun_en discovered that a remote attacker may be able to cause arbitrary code execution. CVE-2020-13753 Milan Crha discovered that an attacker may be able to execute commands outside the bubblewrap sandbox.

'webkit2gtk' package(s) on Debian Linux.

Checks if a vulnerable package version is present on the target host.

For the stable distribution (buster), these problems have been fixed in version 2.28.3-2~deb10u1. We recommend that you upgrade your webkit2gtk packages.