BugTraq
WebKitGTK+ Security Advisory WSA-2016-0001 Feb 01 2016 05:02PM
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2016-0001
------------------------------------------------------------------------

Date reported : February 01, 2016
Advisory ID : WSA-2016-0001
Advisory URL : http://webkitgtk.org/security/WSA-2016-0001.html
CVE identifiers : CVE-2015-7096, CVE-2015-7098.

Several vulnerabilities were discovered on WebKitGTK+.

CVE-2015-7096
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Apple.
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
9.1 allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than CVE-2015-7048,
CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099,
CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.

CVE-2015-7098
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Apple.
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
9.1 allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than CVE-2015-7048,
CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099,
CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.

We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html

The WebKitGTK+ team,
February 01, 2016

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: You can fetch my GnuPG key from http://key.neutrino.es

iQIcBAEBCgAGBQJWr4+kAAoJEJZQic5rlfiCfikQAJ9tDkwaVFVcq7Jm/1uLpKuV
iSgA06oLsy78w55Q7K+mVK+k5MKabLVpQ9c8jBCrK43saI+hV3NqclgtZmq++34e
LL2jO41rxIWO6JSDbv9R/xZzorBycC77ENWd+KgVfA9yz1oqv06j9b8d7P2+a8V/
IikHMeySP9vR0xL3cXHOn6zCzUQpTXV05H93WErsEJfhj/USOYH5W9n//a6ZLNNF
m6TiQrWvnrJuSg9djk50M+pqRDK7lzkBQ4+3ukNjLvxRw1ptGdd/SPcs8aigEr4L
GSgLJGQRzV3nxpD065PbejgmfZAe3U/b/DnN+na8PEeSwotTGsaA2BkkOAJf5LFd
JDmtjyyFuSxnp3mMDiskigcCBq7zImf4WfzyjLvK/7toipK+rUkF9qGO+eNJ6XTd
ow1ptmR8W8ugGSf39ry2st2u3UDcJMKBS6KvOOMaVJq7zZWEDWtrX8vNKrhbInWu
pnB+SM2VJFuhcZj9Pg0K5q+w7cDhRVesm3AT8UOJw84bvQw84jl9m0mIbmECzpoT
VDl3YIPQAEUQJ9Q+E1ZA+mGCPDvifYegN4+Obi+ZoHLGCFquf4WzOtwzBzqrDfZe
cDrrNd16bfGYHgmwXT/EAejYtltiu4mgAdMOWm+7qgQCSxjC01JZya6WYsMChKFQ
+r3yDrvn/h9s+N/fg492
=sVgu
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus