WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006
-
Date Reported: July 10, 2020
-
Advisory ID: WSA-2020-0006
-
CVE identifiers: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
- CVE-2020-9802
- Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.
- Credit to Samuel Groß of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A logic issue was addressed with improved restrictions.
- CVE-2020-9803
- Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.
- Credit to Wen Xu of SSLab at Georgia Tech.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved validation.
- CVE-2020-9805
- Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.
- Credit to an anonymous researcher.
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue was addressed with improved restrictions.
- CVE-2020-9806
- Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.
- Credit to Wen Xu of SSLab at Georgia Tech.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management.
- CVE-2020-9807
- Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.
- Credit to Wen Xu of SSLab at Georgia Tech.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management.
- CVE-2020-9843
- Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.
- Credit to Ryan Pickren (ryanpickren.com).
- Impact: Processing maliciously crafted web content may lead to a cross site scripting attack. Description: An input validation issue was addressed with improved input validation.
- CVE-2020-9850
- Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.
- Credit to @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative.
- Impact: A remote attacker may be able to cause arbitrary code execution. Description: A logic issue was addressed with improved restrictions.
- CVE-2020-13753
- Versions affected: WebKitGTK before 2.28.3 and WPE WebKit before 2.28.3.
- Credit to Milan Crha at Red Hat.
- The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg- desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal’s input buffer, similar to CVE-2017-5226.
We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.
Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.