Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 17 Jan 2017 20:08:30 +0100
From: Carlos Alberto Lopez Perez <clopez@...lia.com>
To: "webkit-gtk@...ts.webkit.org" <webkit-gtk@...ts.webkit.org>
Cc: security@...kit.org, distributor-list@...me.org,
 oss-security@...ts.openwall.com, bugtraq@...urityfocus.com
Subject: WebKitGTK+ Security Advisory WSA-2017-0001

------------------------------------------------------------------------
WebKitGTK+ Security Advisory                               WSA-2017-0001
------------------------------------------------------------------------

Date reported      : January 17, 2017
Advisory ID        : WSA-2017-0001
Advisory URL       : https://webkitgtk.org/security/WSA-2017-0001.html
CVE identifiers    : CVE-2016-4692, CVE-2016-4743, CVE-2016-7586,
                     CVE-2016-7587, CVE-2016-7589, CVE-2016-7592,
                     CVE-2016-7598, CVE-2016-7599, CVE-2016-7610,
                     CVE-2016-7611, CVE-2016-7623, CVE-2016-7632,
                     CVE-2016-7635, CVE-2016-7639, CVE-2016-7640,
                     CVE-2016-7641, CVE-2016-7642, CVE-2016-7645,
                     CVE-2016-7646, CVE-2016-7648, CVE-2016-7649,
                     CVE-2016-7652, CVE-2016-7654, CVE-2016-7656.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2016-4692
    Versions affected: WebKitGTK+ before 2.14.1.
    Credit to Apple.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved memory handling.

CVE-2016-4743
    Versions affected: WebKitGTK+ before 2.14.0.
    Credit to Alan Cutter.
    Impact: Processing maliciously crafted web content may result in the
    disclosure of process memory. Description: A memory corruption issue
    was addressed through improved input validation.

CVE-2016-7586
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to Boris Zbarsky.
    Impact: Processing maliciously crafted web content may result in the
    disclosure of user information. Description: A validation issue was
    addressed through improved state management.

CVE-2016-7587
    Versions affected: WebKitGTK+ before 2.14.0.
    Credit to Adam Klein.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved state management.

CVE-2016-7589
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to Apple.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A memory corruption issue was
    addressed through improved state management.

CVE-2016-7592
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to xisigr of Tencent's Xuanwu Lab (tencent.com).
    Impact: Processing maliciously crafted web content may compromise
    user information. Description: An issue existed in handling of
    JavaScript prompts. This was addressed through improved state
    management.

CVE-2016-7598
    Versions affected: WebKitGTK+ before 2.14.0.
    Credit to Samuel Groß.
    Impact: Processing maliciously crafted web content may result in the
    disclosure of process memory. Description: An uninitialized memory
    access issue was addressed through improved memory initialization.

CVE-2016-7599
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies
    Co., Ltd.
    Impact: Processing maliciously crafted web content may result in the
    disclosure of user information. Description: An issue existed in the
    handling of HTTP redirects. This issue was addressed through
    improved cross origin validation.

CVE-2016-7610
    Versions affected: WebKitGTK+ before 2.14.1.
    Credit to Zheng Huang of the Baidu Security Lab working with Trend
    Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved state management.

CVE-2016-7611
    Versions affected: WebKitGTK+ before 2.14.2.
    Credit to an anonymous researcher working with Trend Micro's Zero
    Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved state management.

CVE-2016-7623
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to xisigr of Tencent's Xuanwu Lab (tencent.com).
    Impact: Visiting a maliciously crafted website may compromise user
    information. Description: An issue existed in the handling of blob
    URLs. This issue was addressed through improved URL handling.

CVE-2016-7632
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to Jeonghoon Shin.
    Impact: Visiting a maliciously crafted webpage may lead to an
    unexpected application termination or arbitrary code execution.
    Description: A memory corruption issue was addressed through
    improved state management.

CVE-2016-7635
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to Apple.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved memory handling.

CVE-2016-7639
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to Tongbo Luo of Palo Alto Networks.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved state management.

CVE-2016-7640
    Versions affected: WebKitGTK+ before 2.14.2.
    Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com).
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved state management.

CVE-2016-7641
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com).
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved state management.

CVE-2016-7642
    Versions affected: WebKitGTK+ before 2.14.2.
    Credit to Tongbo Luo of Palo Alto Networks.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved state management.

CVE-2016-7645
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com).
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved state management.

CVE-2016-7646
    Versions affected: WebKitGTK+ before 2.14.2.
    Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com).
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved state management.

CVE-2016-7648
    Versions affected: WebKitGTK+ before 2.14.2.
    Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com).
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved state management.

CVE-2016-7649
    Versions affected: WebKitGTK+ before 2.14.2.
    Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com).
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved state management.

CVE-2016-7652
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to Apple.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved memory handling.

CVE-2016-7654
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to Keen Lab working with Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed through improved state management.

CVE-2016-7656
    Versions affected: WebKitGTK+ before 2.14.3.
    Credit to Keen Lab working with Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A memory corruption issue was
    addressed through improved state management.


We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html

The WebKitGTK+ team,
January 17, 2017


Download attachment "signature.asc" of type "application/pgp-signature" (884 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.