Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201706-15 ] WebKitGTK+: Multiple vulnerabilities
Date: Wed, 07 Jun 2017 12:12:28
Message-Id: 7b460985-1a73-0bb7-a44d-97ed35ad1cc4@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: WebKitGTK+: Multiple vulnerabilities
     Date: June 07, 2017
     Bugs: #543650, #573656, #577068, #608958, #614876, #619788
       ID: 201706-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk          < 2.16.3                  >= 2.16.3

Description
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attack can use multiple vectors to execute arbitrary code or
cause a denial of service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"

References
==========

[  1 ] CVE-2015-2330
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[  2 ] CVE-2015-7096
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[  3 ] CVE-2015-7098
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[  4 ] CVE-2016-1723
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[  5 ] CVE-2016-1724
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[  6 ] CVE-2016-1725
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[  7 ] CVE-2016-1726
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[  8 ] CVE-2016-1727
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[  9 ] CVE-2016-1728
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201706-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature