A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
Se presenta una vulnerabilidad de ejecución de código en la funcionalidad WebSocket de Webkit WebKitGTK versión 2.30.0. Una página web especialmente diseñada puede desencadenar una vulnerabilidad de uso de la memoria previamente liberada que puede conllevar a una ejecución de código remota. Un atacante puede lograr que un usuario visite una página web para desencadenar esta vulnerabilidad
An update that fixes 5 vulnerabilities is now available. This update for webkit2gtk3 fixes the following issues. Fixed a use after free which could have led to arbitrary code execution. Fixed a use after free which could have led to arbitrary code execution. Fixed a type confusion which could have led to arbitrary code execution. Fixed a use after free which could have led to arbitrary code execution. Fixed an out of bounds write which could have led to arbitrary code execution. Same version. With JIT disabled. Also disable sampling profiler, since it conflicts with c_loop. This update was imported from the SUSE:SLE-15:Update update project.
