[3.8] webkit2gtk: Multiple vulnerabilities (CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911)
CVE-2018-4246
Processing maliciously crafted web content may lead to arbitrary code
execution.
A type confusion issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
CVE-2018-4261
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
CVE-2018-4262
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
CVE-2018-4263
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
CVE-2018-4264
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
CVE-2018-4265
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
CVE-2018-4266
A malicious website may be able to cause a denial of service.
A race condition was addressed with additional validation.
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
CVE-2018-4267
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
CVE-2018-4270
Processing maliciously crafted web content may lead to an unexpected
application crash.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
CVE-2018-4272
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
CVE-2018-4273
Processing maliciously crafted web content may lead to an unexpected
application crash.
A memory corruption issue was addressed with improved input
validation.
Versions affected: WebKitGTK+ before 2.20.4
CVE-2018-4278
A malicious website may exfiltrate audio data cross-origin. Sound
fetched through audio elements
may be exfiltrated cross-origin. This issue was addressed with improved
audio taint tracking.
Versions affected: WebKitGTK+ before 2.20.4
CVE-2018-4284
Processing maliciously crafted web content may lead to arbitrary code
execution.
A type confusion issue was addressed with improved memory handling
Versions affected: WebKitGTK+ before 2.20.4
.
CVE-2018-12911
Processing maliciously crafted web content may lead to arbitrary code
execution.
A buffer overflow issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
Reference:
https://webkitgtk.org/security/WSA-2018-0006.html
(from redmine: issue id 9453, created on 2018-09-21, closed on 2018-10-02)
- Relations:
- parent #9451 (closed)
- Changesets:
- Revision 0af1cbfd by Natanael Copa on 2018-09-27T08:22:24Z:
community/webkit2gtk: security upgrade to 2.20.4
CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263,
CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267,
CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278,
CVE-2018-4284, CVE-2018-12911
fixes #9453