Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201712-01 ] WebKitGTK+: Multiple vulnerabilities
Date: Thu, 14 Dec 2017 17:03:09
Message-Id: e495c12d-288a-65ac-0354-e186af5d37c2@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201712-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: WebKitGTK+: Multiple vulnerabilities
     Date: December 14, 2017
     Bugs: #637076
       ID: 201712-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in WebKitGTK+, the worst
of which may lead to arbitrary code execution.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk          < 2.18.3                  >= 2.18.3

Description
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.

Impact
======

By enticing a victim to visit maliciously crafted web content, a remote
attacker could execute arbitrary code or cause a denial of service
condition.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.3"
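
An added example, not part of the Gentoo advisory: a POSIX shell check that applies the "< 2.18.3" boundary from the Affected packages table to a list of installed package atoms. The function names and the sample inventory are constructed for illustration; on a real host the input could come from `qlist -Iv net-libs/webkit-gtk` (assumes portage-utils is installed).

```shell
#!/bin/sh
# First unaffected version, from the advisory's "Affected packages" table.
FIXED_VERSION="2.18.3"

# is_vulnerable VERSION -> exit status 0 if VERSION < FIXED_VERSION.
# Assumption: plain dotted numeric versions with an optional Gentoo
# revision suffix (-rN); _rc/_pre/_p suffixes are not handled.
is_vulnerable() {
    ver=${1%-r[0-9]*}            # 2.18.2-r1 -> 2.18.2
    [ "$ver" = "$FIXED_VERSION" ] && return 1
    # sort -V compares each component numerically, so 2.4.11 sorts
    # before 2.18.3 (a plain string comparison would get this wrong).
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$ver" ]
}

# affected_atoms: reads "net-libs/webkit-gtk-<version>" lines on stdin
# and prints the ones the advisory lists as vulnerable. Several lines
# may appear for one host because the package can be installed in
# more than one slot.
affected_atoms() {
    while IFS= read -r atom; do
        case $atom in
            net-libs/webkit-gtk-[0-9]*) ;;
            *) continue ;;       # ignore anything that is not this package
        esac
        if is_vulnerable "${atom#net-libs/webkit-gtk-}"; then
            printf '%s\n' "$atom"
        fi
    done
}

# Constructed sample inventory (not real host output).
SAMPLE='net-libs/webkit-gtk-2.4.11-r1
net-libs/webkit-gtk-2.18.2
net-libs/webkit-gtk-2.18.3
net-libs/webkit-gtk-2.18.3-r1
net-libs/webkit-gtk-2.20.0'

printf '%s\n' "$SAMPLE" | affected_atoms
```

Any atom printed by the check is still in the vulnerable range and needs the upgrade from the Resolution section.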

References
==========

[  1 ] CVE-2017-13783
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783
[  2 ] CVE-2017-13784
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13784
[  3 ] CVE-2017-13785
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13785
[  4 ] CVE-2017-13788
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13788
[  5 ] CVE-2017-13791
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13791
[  6 ] CVE-2017-13792
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13792
[  7 ] CVE-2017-13793
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13793
[  8 ] CVE-2017-13794
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13794
[  9 ] CVE-2017-13795
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13795
[ 10 ] CVE-2017-13796
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13796
[ 11 ] CVE-2017-13798
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13798
[ 12 ] CVE-2017-13802
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13802
[ 13 ] CVE-2017-13803
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13803

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201712-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
