Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201706-15 ] WebKitGTK+: Multiple vulnerabilities
Date: Wed, 07 Jun 2017 12:12:28
Message-Id: 7b460985-1a73-0bb7-a44d-97ed35ad1cc4@gentoo.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: WebKitGTK+: Multiple vulnerabilities
     Date: June 07, 2017
     Bugs: #543650, #573656, #577068, #608958, #614876, #619788
       ID: 201706-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk        < 2.16.3                  >= 2.16.3

Description
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker can use multiple vectors to execute arbitrary code or
cause a denial of service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"

References
==========

[ 1 ] CVE-2015-2330
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201706-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
