[3.8] webkit2gtk: Multiple vulnerabilities (CVE-2018-4101, CVE-2018-4113, CVE…, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165)
CVE-2018-4101
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4113
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Unexpected interaction with indexing types causing an ASSERT
failure.
Description: An array indexing issue existed in the handling of a
function in JavaScriptCore. This issue was addressed through improved
checks.
CVE-2018-4114
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4117
Versions affected: WebKitGTK+ before 2.20.0.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This was
addressed through improved input validation.
CVE-2018-4119
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4120
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4122
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4125
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4127
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4128
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4129
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4133
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Visiting a maliciously crafted website may lead to a cross- site
scripting attack.
Description: A cross-site scripting issue existed in WebKit. This issue
was addressed with improved URL validation.
CVE-2018-4146
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to a denial
of service.
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4161
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4162
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4163
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4165
Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
References:
https://webkitgtk.org/security/WSA-2018-0003.html
(from redmine: issue id 8766, created on 2018-04-05, closed on 2018-07-30)
- Relations:
- copied_to #8765 (closed)
- parent #8765 (closed)
- Changesets:
- Revision 0abe9d90 by Natanael Copa on 2018-06-19T12:28:18Z:
community/webkit2gtk: upgrade to 2.20.3
fixes #8766