[3.7] webkit2gtk: Multiple vulnerabilities (CVE-2018-4101, CVE-2018-4113, CVE…, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165) (#8767) · Issues · alpine / aports · GitLab

[3.7] webkit2gtk: Multiple vulnerabilities (CVE-2018-4101, CVE-2018-4113, CVE…, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165)

CVE-2018-4101

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4113

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Unexpected interaction with indexing types causing an ASSERT failure.
Description: An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks.

CVE-2018-4114

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4117

Versions affected: WebKitGTK+ before 2.20.0.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.

CVE-2018-4119

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4120

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4122

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4125

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4127

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4128

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4129

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4133

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack.
Description: A cross-site scripting issue existed in WebKit. This issue was addressed with improved URL validation.

CVE-2018-4146

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to a denial of service.
Description: A memory corruption issue was addressed through improved input validation.

CVE-2018-4161

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4162

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4163

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4165

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

References:

https://webkitgtk.org/security/WSA-2018-0003.html

(from redmine: issue id 8767, created on 2018-04-05, closed on 2018-07-30)

Relations:
- copied_to #8765 (closed)
- parent #8765 (closed)

### CVE-2018-4101

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4113

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Unexpected interaction with indexing types causing an ASSERT
failure.  
Description: An array indexing issue existed in the handling of a
function in JavaScriptCore. This issue was addressed through improved
checks.

### CVE-2018-4114

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4117

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: A malicious website may exfiltrate data cross-origin.  
Description: A cross-origin issue existed with the fetch API. This was
addressed through improved input validation.

### CVE-2018-4119

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4120

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4122

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4125

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4127

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4128

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4129

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4133

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Visiting a maliciously crafted website may lead to a cross- site
scripting attack.  
Description: A cross-site scripting issue existed in WebKit. This issue
was addressed with improved URL validation.

### CVE-2018-4146

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to a denial
of service.  
Description: A memory corruption issue was addressed through improved
input validation.

### CVE-2018-4161

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4162

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4163

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4165

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### References:

https://webkitgtk.org/security/WSA-2018-0003.html

*(from redmine: issue id 8767, created on 2018-04-05, closed on 2018-07-30)*

* Relations:
  * copied_to #8765
  * parent #8765

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.