Closed
Opened Apr 05, 2018 by Alicha CH (@alicha, Reporter)

[3.7] webkit2gtk: Multiple vulnerabilities (CVE-2018-4101, CVE-2018-4113, CVE…, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165)

CVE-2018-4101

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4113

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Unexpected interaction with indexing types causing an ASSERT failure.
Description: An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks.

CVE-2018-4114

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4117

Versions affected: WebKitGTK+ before 2.20.0.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.

CVE-2018-4119

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4120

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4122

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4125

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4127

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4128

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4129

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4133

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack.
Description: A cross-site scripting issue existed in WebKit. This issue was addressed with improved URL validation.

CVE-2018-4146

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to a denial of service.
Description: A memory corruption issue was addressed through improved input validation.

CVE-2018-4161

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4162

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4163

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4165

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

References:

https://webkitgtk.org/security/WSA-2018-0003.html

(from redmine: issue id 8767, created on 2018-04-05, closed on 2018-07-30)

  • Relations:
    • copied_to #8765 (closed)
    • parent #8765 (closed)
Milestone: 3.7.1 (Past due)
Labels: Normal, type:bug
Reference: alpine/aports#8767