WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html | |
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html | |
http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2019/04/11/1 | Third Party Advisory |
https://bugs.webkit.org/show_bug.cgi?id=193718 | Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/ | |
https://seclists.org/bugtraq/2019/Apr/21 | Mailing List Third Party Advisory VDB Entry |
https://security.gentoo.org/glsa/201909-05 | |
https://trac.webkit.org/changeset/243197/webkit | Patch Vendor Advisory |
https://usn.ubuntu.com/3948-1/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-10T20:15:06
Updated: 2019-09-06T17:06:11
Reserved: 2019-04-10T00:00:00
Link: CVE-2019-11070
JSON object: View
NVD Information
Status : Modified
Published: 2019-04-10T21:29:01.653
Modified: 2023-11-07T03:02:39.273
Link: CVE-2019-11070
JSON object: View
Redhat Information
No data.
CWE