From: | Thomas Deutschmann <whissi@g.o> |
---|---|
To: | gentoo-announce@l.g.o |
Subject: | [gentoo-announce] [ GLSA 201808-04 ] WebkitGTK+: Multiple vulnerabilities |
Date: | Wed, 22 Aug 2018 21:41:02 |
Message-Id: | c6b1f0a2-9569-9753-a3fc-1cfe255f67c9@gentoo.org |

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201808-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: August 22, 2018
Bugs: #652820, #658168, #662974
ID: 201808-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may lead to arbitrary code execution.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.

Affected packages
=================

-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  net-libs/webkit-gtk       < 2.20.4                  >= 2.20.4

Description
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.

Impact
======

A remote attacker could execute arbitrary commands or cause a denial of
service condition via maliciously crafted web content.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebKitGTK+ users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4"

References
==========

[ 1 ] CVE-2018-11646
      https://nvd.nist.gov/vuln/detail/CVE-2018-11646
[ 2 ] CVE-2018-11712
      https://nvd.nist.gov/vuln/detail/CVE-2018-11712
[ 3 ] CVE-2018-11713
      https://nvd.nist.gov/vuln/detail/CVE-2018-11713
[ 4 ] CVE-2018-12293
      https://nvd.nist.gov/vuln/detail/CVE-2018-12293
[ 5 ] CVE-2018-12294
      https://nvd.nist.gov/vuln/detail/CVE-2018-12294
[ 6 ] CVE-2018-4101
      https://nvd.nist.gov/vuln/detail/CVE-2018-4101
[ 7 ] CVE-2018-4113
      https://nvd.nist.gov/vuln/detail/CVE-2018-4113
[ 8 ] CVE-2018-4114
      https://nvd.nist.gov/vuln/detail/CVE-2018-4114
[ 9 ] CVE-2018-4117
      https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 10 ] CVE-2018-4118
      https://nvd.nist.gov/vuln/detail/CVE-2018-4118
[ 11 ] CVE-2018-4119
      https://nvd.nist.gov/vuln/detail/CVE-2018-4119
[ 12 ] CVE-2018-4120
      https://nvd.nist.gov/vuln/detail/CVE-2018-4120
[ 13 ] CVE-2018-4121
      https://nvd.nist.gov/vuln/detail/CVE-2018-4121
[ 14 ] CVE-2018-4122
      https://nvd.nist.gov/vuln/detail/CVE-2018-4122
[ 15 ] CVE-2018-4125
      https://nvd.nist.gov/vuln/detail/CVE-2018-4125
[ 16 ] CVE-2018-4127
      https://nvd.nist.gov/vuln/detail/CVE-2018-4127
[ 17 ] CVE-2018-4128
      https://nvd.nist.gov/vuln/detail/CVE-2018-4128
[ 18 ] CVE-2018-4129
      https://nvd.nist.gov/vuln/detail/CVE-2018-4129
[ 19 ] CVE-2018-4133
      https://nvd.nist.gov/vuln/detail/CVE-2018-4133
[ 20 ] CVE-2018-4146
      https://nvd.nist.gov/vuln/detail/CVE-2018-4146
[ 21 ] CVE-2018-4162
      https://nvd.nist.gov/vuln/detail/CVE-2018-4162
[ 22 ] CVE-2018-4163
      https://nvd.nist.gov/vuln/detail/CVE-2018-4163
[ 23 ] CVE-2018-4165
      https://nvd.nist.gov/vuln/detail/CVE-2018-4165
[ 24 ] CVE-2018-4190
      https://nvd.nist.gov/vuln/detail/CVE-2018-4190
[ 25 ] CVE-2018-4192
      https://nvd.nist.gov/vuln/detail/CVE-2018-4192
[ 26 ] CVE-2018-4199
      https://nvd.nist.gov/vuln/detail/CVE-2018-4199
[ 27 ] CVE-2018-4200
      https://nvd.nist.gov/vuln/detail/CVE-2018-4200
[ 28 ] CVE-2018-4201
      https://nvd.nist.gov/vuln/detail/CVE-2018-4201
[ 29 ] CVE-2018-4204
      https://nvd.nist.gov/vuln/detail/CVE-2018-4204
[ 30 ] CVE-2018-4214
      https://nvd.nist.gov/vuln/detail/CVE-2018-4214
[ 31 ] CVE-2018-4218
      https://nvd.nist.gov/vuln/detail/CVE-2018-4218
[ 32 ] CVE-2018-4222
      https://nvd.nist.gov/vuln/detail/CVE-2018-4222
[ 33 ] CVE-2018-4232
      https://nvd.nist.gov/vuln/detail/CVE-2018-4232
[ 34 ] CVE-2018-4233
      https://nvd.nist.gov/vuln/detail/CVE-2018-4233
[ 35 ] CVE-2018-4261
      https://nvd.nist.gov/vuln/detail/CVE-2018-4261
[ 36 ] CVE-2018-4262
      https://nvd.nist.gov/vuln/detail/CVE-2018-4262
[ 37 ] CVE-2018-4263
      https://nvd.nist.gov/vuln/detail/CVE-2018-4263
[ 38 ] CVE-2018-4264
      https://nvd.nist.gov/vuln/detail/CVE-2018-4264
[ 39 ] CVE-2018-4265
      https://nvd.nist.gov/vuln/detail/CVE-2018-4265
[ 40 ] CVE-2018-4266
      https://nvd.nist.gov/vuln/detail/CVE-2018-4266
[ 41 ] CVE-2018-4267
      https://nvd.nist.gov/vuln/detail/CVE-2018-4267
[ 42 ] CVE-2018-4270
      https://nvd.nist.gov/vuln/detail/CVE-2018-4270
[ 43 ] CVE-2018-4272
      https://nvd.nist.gov/vuln/detail/CVE-2018-4272
[ 44 ] CVE-2018-4273
      https://nvd.nist.gov/vuln/detail/CVE-2018-4273
[ 45 ] CVE-2018-4278
      https://nvd.nist.gov/vuln/detail/CVE-2018-4278
[ 46 ] CVE-2018-4284
      https://nvd.nist.gov/vuln/detail/CVE-2018-4284
[ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003
      https://webkitgtk.org/security/WSA-2018-0003.html
[ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004
      https://webkitgtk.org/security/WSA-2018-0004.html
[ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005
      https://webkitgtk.org/security/WSA-2018-0005.html
[ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006
      https://webkitgtk.org/security/WSA-2018-0006.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201808-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

File name | MIME type |
---|---|
signature.asc | application/pgp-signature |