Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 19 Dec 2017 19:58:26 +0100
From: Carlos Alberto Lopez Perez <clopez@...lia.com>
To: webkit-gtk@...ts.webkit.org
Cc: security@...kit.org, distributor-list@...me.org,
 oss-security@...ts.openwall.com, bugtraq@...urityfocus.com
Subject: WebKitGTK+ Security Advisory WSA-2017-0010

------------------------------------------------------------------------
WebKitGTK+ Security Advisory                               WSA-2017-0010
------------------------------------------------------------------------

Date reported      : December 19, 2017
Advisory ID        : WSA-2017-0010
Advisory URL       : https://webkitgtk.org/security/WSA-2017-0010.html
CVE identifiers    : CVE-2017-7156, CVE-2017-7157, CVE-2017-13856,
                     CVE-2017-13866, CVE-2017-13870.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2017-7156
    Versions affected: WebKitGTK+ before 2.18.4.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2017-7157
    Versions affected: WebKitGTK+ before 2.18.1.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2017-13856
    Versions affected: WebKitGTK+ before 2.18.4.
    Credit to Jeonghoon Shin.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2017-13866
    Versions affected: WebKitGTK+ before 2.18.4.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2017-13870
    Versions affected: WebKitGTK+ before 2.18.4.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.


We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html

The WebKitGTK+ team,
December 19, 2017



Download attachment "signature.asc" of type "application/pgp-signature" (898 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ