'[oss-security] WebKitGTK+ Security Advisory WSA-2017-0010'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] WebKitGTK+ Security Advisory WSA-2017-0010
From:       Carlos Alberto Lopez Perez <clopez () igalia ! com>
Date:       2017-12-19 18:58:26
Message-ID: 30a766a5-00c8-f5b8-0773-fa9846f250be () igalia ! com
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]


------------------------------------------------------------------------
WebKitGTK+ Security Advisory                               WSA-2017-0010
------------------------------------------------------------------------

Date reported      : December 19, 2017
Advisory ID        : WSA-2017-0010
Advisory URL       : https://webkitgtk.org/security/WSA-2017-0010.html
CVE identifiers    : CVE-2017-7156, CVE-2017-7157, CVE-2017-13856,
                     CVE-2017-13866, CVE-2017-13870.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2017-7156
    Versions affected: WebKitGTK+ before 2.18.4.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2017-7157
    Versions affected: WebKitGTK+ before 2.18.1.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2017-13856
    Versions affected: WebKitGTK+ before 2.18.4.
    Credit to Jeonghoon Shin.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2017-13866
    Versions affected: WebKitGTK+ before 2.18.4.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2017-13870
    Versions affected: WebKitGTK+ before 2.18.4.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.


We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html

The WebKitGTK+ team,
December 19, 2017


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic