Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 646
    • Issues 646
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 172
    • Merge Requests 172
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #8766

Closed
Open
Opened Apr 05, 2018 by Alicha CH@alichaReporter
  • Report abuse
  • New issue
Report abuse New issue

[3.8] webkit2gtk: Multiple vulnerabilities (CVE-2018-4101, CVE-2018-4113, CVE…, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165)

CVE-2018-4101

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4113

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Unexpected interaction with indexing types causing an ASSERT failure.
Description: An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks.

CVE-2018-4114

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4117

Versions affected: WebKitGTK+ before 2.20.0.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.

CVE-2018-4119

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4120

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4122

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4125

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4127

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4128

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4129

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4133

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack.
Description: A cross-site scripting issue existed in WebKit. This issue was addressed with improved URL validation.

CVE-2018-4146

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to a denial of service.
Description: A memory corruption issue was addressed through improved input validation.

CVE-2018-4161

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4162

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4163

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4165

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

References:

https://webkitgtk.org/security/WSA-2018-0003.html

(from redmine: issue id 8766, created on 2018-04-05, closed on 2018-07-30)

  • Relations:
    • copied_to #8765 (closed)
    • parent #8765 (closed)
  • Changesets:
    • Revision 0abe9d90 by Natanael Copa on 2018-06-19T12:28:18Z:
community/webkit2gtk: upgrade to 2.20.3

fixes #8766
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
3.8.0
Milestone
3.8.0 (Past due)
Assign milestone
Time tracking
None
Due date
None
3
Labels
Normal tag:security type:bug
Assign labels
  • View project labels
Reference: alpine/aports#8766