[3.7] webkit2gtk: Multiple vulnerabilities (CVE-2018-4101, CVE-2018-4113, CVE…, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165) (#8767) · Issues · alpine / aports · GitLab

[3.7] webkit2gtk: Multiple vulnerabilities (CVE-2018-4101, CVE-2018-4113, CVE…, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165)

CVE-2018-4101

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4113

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Unexpected interaction with indexing types causing an ASSERT failure.
Description: An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks.

CVE-2018-4114

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4117

Versions affected: WebKitGTK+ before 2.20.0.
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation.

CVE-2018-4119

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4120

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4122

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4125

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4127

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4128

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4129

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4133

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack.
Description: A cross-site scripting issue existed in WebKit. This issue was addressed with improved URL validation.

CVE-2018-4146

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to a denial of service.
Description: A memory corruption issue was addressed through improved input validation.

CVE-2018-4161

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4162

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4163

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4165

Versions affected: WebKitGTK+ before 2.20.0.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed with improved memory handling.

References:

https://webkitgtk.org/security/WSA-2018-0003.html

(from redmine: issue id 8767, created on 2018-04-05, closed on 2018-07-30)

Relations:
- copied_to #8765 (closed)
- parent #8765 (closed)

### CVE-2018-4101

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4113

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Unexpected interaction with indexing types causing an ASSERT
failure.  
Description: An array indexing issue existed in the handling of a
function in JavaScriptCore. This issue was addressed through improved
checks.

### CVE-2018-4114

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4117

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: A malicious website may exfiltrate data cross-origin.  
Description: A cross-origin issue existed with the fetch API. This was
addressed through improved input validation.

### CVE-2018-4119

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4120

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4122

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4125

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4127

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4128

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4129

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4133

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Visiting a maliciously crafted website may lead to a cross- site
scripting attack.  
Description: A cross-site scripting issue existed in WebKit. This issue
was addressed with improved URL validation.

### CVE-2018-4146

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to a denial
of service.  
Description: A memory corruption issue was addressed through improved
input validation.

### CVE-2018-4161

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4162

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4163

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### CVE-2018-4165

Versions affected: WebKitGTK+ before 2.20.0.  
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.  
Description: Multiple memory corruption issues were addressed with
improved memory handling.

### References:

https://webkitgtk.org/security/WSA-2018-0003.html

*(from redmine: issue id 8767, created on 2018-04-05, closed on 2018-07-30)*

* Relations:
  * copied_to #8765
  * parent #8765

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information