Debian: Security Advisory for webkit2gtk (DSA-4681-1)

The remote host is missing an update for the 'webkit2gtk' package(s) announced via the DSA-4681-1 advisory.

The following vulnerability has been discovered in the webkit2gtk web engine: CVE-2020-3885 Ryan Pickren discovered that a file URL may be incorrectly processed. CVE-2020-3894 Sergei Glazunov discovered that a race condition may allow an application to read restricted memory. CVE-2020-3895 grigoritchy discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3897 Brendan Draper discovered that a remote attacker may be able to cause arbitrary code execution. CVE-2020-3899 OSS-Fuzz discovered that a remote attacker may be able to cause arbitrary code execution. CVE-2020-3900 Dongzhuo Zhao discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3901 Benjamin Randazzo discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3902 Yigit Can Yilmaz discovered that processing maliciously crafted web content may lead to a cross site scripting attack.

'webkit2gtk' package(s) on Debian Linux.

Checks if a vulnerable package version is present on the target host.

For the stable distribution (buster), these problems have been fixed in version 2.28.2-2~deb10u1. We recommend that you upgrade your webkit2gtk packages.