[arch-security] [ASA-201609-2] webkit2gtk: multiple issues

Levente Polyak anthraxx at archlinux.org
Thu Sep 1 21:43:36 UTC 2016 

Arch Linux Security Advisory ASA-201609-2
=========================================

Severity: Critical
Date	: 2016-09-01
CVE-ID	: CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4624
Package : webkit2gtk
Type	: multiple issues
Remote	: Yes
Link	: https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package webkit2gtk before version 2.12.4-1 is vulnerable to multiple
issues.

Resolution
==========

Upgrade to 2.12.4-1.

# pacman -Syu "webkit2gtk>=2.12.4-1"

The problems have been fixed upstream in version 2.12.4.

Workaround
==========

None.

Description
===========

- CVE-2016-4590 (same-origin policy bypass)

xisigr of Tencent’s Xuanwu Lab discovered a vulnerability in the way
webkit handles URLs, which allows remote attackers to bypass the Same
Origin Policy via a crafted web site.

- CVE-2016-4591 (arbitrary filesystem access)

ma.la of LINE Corporation discoveered a vulnerability in the way webkit
handles the location variable, which allows remote attackers to access
the local filesystem via unspecified vectors.

- CVE-2016-4622 (arbitrary code execution)

Samuel Gross working with Trend Micro’s Zero Day Initiative discovered a
vulnerability that  allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via a crafted web site.

- CVE-2016-4624 (arbitrary code execution)

Apple found a vulnerability that allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via a
crafted web site.

Impact
======

A remote attacker can execute arbitrary code, gain arbitrary filesystem
access, crash a target system or bypass same-origin policies on the
affected host.

References
==========

https://webkitgtk.org/security/WSA-2016-0005.html#CVE-2016-4591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4624

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160901/803766a1/attachment.asc>

More information about the arch-security mailing list