BugTraq
WebKitGTK+ Security Advisory WSA-2017-0009 Nov 10 2017 04:48PM
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2017-0009
------------------------------------------------------------------------

Date reported : November 10, 2017
Advisory ID : WSA-2017-0009
Advisory URL : https://webkitgtk.org/security/WSA-2017-0009.html
CVE identifiers : CVE-2017-13783, CVE-2017-13784, CVE-2017-13785,
CVE-2017-13788, CVE-2017-13791, CVE-2017-13792,
CVE-2017-13793, CVE-2017-13794, CVE-2017-13795,
CVE-2017-13796, CVE-2017-13798, CVE-2017-13802,
CVE-2017-13803.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2017-13783
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2017-13784
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2017-13785
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2017-13788
Versions affected: WebKitGTK+ before 2.18.3.
Credit to xisigr of Tencent's Xuanwu Lab (tencent.com).
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2017-13791
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2017-13792
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2017-13793
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Hanul Choi working with Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2017-13794
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2017-13795
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2017-13796
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2017-13798
Versions affected: WebKitGTK+ before 2.18.3.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2017-13802
Versions affected: WebKitGTK+ before 2.18.1.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

CVE-2017-13803
Versions affected: WebKitGTK+ before 2.18.3.
Credit to chenqin (é??é?¦) of Ant-financial Light-Year Security.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.

We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html

The WebKitGTK+ team,
November 10, 2017

-----BEGIN PGP SIGNATURE-----
Comment: You can fetch my GnuPG key from http://key.neutrino.es

iQIzBAEBCgAdFiEEtdK1C8SOx/HukNmrllCJzmuV+IIFAloF2GIACgkQllCJzmuV
+IJqMw/7B9AMwSqg6OrscQks+CrmlkP2/baSF4tBUNuJBRCdJ4Hy3VUrsSxoVQrF
hRpfITPboeEWYrUq52takAqFUeAqI/GZH7vkMKQi1kZyyxgzCSbqOt9SHCTdlDfg
CPo1YlkmaTm6f1s1Xdh7ITELsFzkr28sDqMn6IzEjRklQ3erkyn2p11+HgKEdDJU
tF6xrKwiMK3XpmCrynlpsmlghfTsvvb9U0jch9F7r0PV5qxnEzGebmJrnh+oCq/X
++Lwl+EuPooso8WGsaEN87KH2ZDg2mW6jX2Eczs7gKuwmnLAp2nicWR0uCtP2A62
mKSihZwdOO35JEqb7Gn4WMx1Jna2m7Qtfp+sD1EpXXNjWz+0p+Xmyc4lXiQZbusG
cM/z3t7AMSzilWRQUaI/jTXGkp9d8nxKc7ZFHNCJljwdWfQwUf5/qMymotdBKzsj
XmBqdRpW/RlWaGv6ceURpkwtdfPiajDHbLgdX6RwfWka+q04NA3u9yF5vNbwVlPU
pmTTkXN9izVhXQoM34J2c66u6ieKGluKkKhM/lHamYcm6vOYgB9H9ElCVx/xgkAJ
OefWOCqkpuZVo56gVn5LjSVdO3XSz2Jsk8Xb5hrn/NzCs8HYoxMsU7HHOjdkia9G
cnE0miM29DaOIBKWFscPCRhNsnKwdFZN+pVSxoxht4vH1ySS0Mg=
=6EsF
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus