[arch-security] [ASA-201704-9] webkit2gtk: multiple issues
Remi Gacogne
rgacogne at archlinux.org
Fri Apr 28 10:14:22 UTC 2017
Arch Linux Security Advisory ASA-201704-9
=========================================
Severity: Critical
Date : 2017-04-28
CVE-ID : CVE-2016-9642 CVE-2016-9643 CVE-2017-2367 CVE-2017-2376
CVE-2017-2377 CVE-2017-2386 CVE-2017-2392 CVE-2017-2394
CVE-2017-2395 CVE-2017-2396 CVE-2017-2405 CVE-2017-2415
CVE-2017-2419 CVE-2017-2433 CVE-2017-2442 CVE-2017-2445
CVE-2017-2446 CVE-2017-2447 CVE-2017-2454 CVE-2017-2455
CVE-2017-2457 CVE-2017-2459 CVE-2017-2460 CVE-2017-2464
CVE-2017-2465 CVE-2017-2466 CVE-2017-2468 CVE-2017-2469
CVE-2017-2470 CVE-2017-2471 CVE-2017-2475 CVE-2017-2476
CVE-2017-2481
Package : webkit2gtk
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-235
Summary
=======
The package webkit2gtk before version 2.16.1-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, content spoofing, cross-site scripting, information disclosure,
same-origin policy bypass and denial of service.
Resolution
==========
Upgrade to 2.16.1-1.
# pacman -Syu "webkit2gtk>=2.16.1-1"
The problems have been fixed upstream in version 2.16.1.
Workaround
==========
None.
Description
===========
- CVE-2016-9642 (denial of service)
JavaScriptCore in WebKitGTK+ before 2.16.0 allows attackers to cause a
denial of service (out-of-bounds heap read) via a crafted Javascript
file.
- CVE-2016-9643 (denial of service)
The regex code in WebKitGTK+ before 2.14.6 allows remote attackers to
cause a denial of service (memory consumption) as demonstrated in a
large number of ($ (open parenthesis and dollar) followed by {-2,16}
and a large number of +) (plus close parenthesis).
- CVE-2017-2367 (same-origin policy bypass)
An issue has been found in WebKit, allowing remote attackers to bypass
the Same Origin Policy and obtain sensitive information via a crafted
web site.
- CVE-2017-2376 (content spoofing)
An issue has been found in WebKit, allowing remote attackers to spoof
the address bar by leveraging text input during the loading of a page.
- CVE-2017-2377 (denial of service)
This issue involves the “WebKit Web Inspector” component. It allows
attackers to cause a denial of service (memory corruption and
application crash) by leveraging a window-close action during a
debugger-pause state.
- CVE-2017-2386 (same-origin policy bypass)
An issue has been found in WebKit, allowing remote attackers to bypass
the Same Origin Policy and obtain sensitive information via a crafted
web site.
- CVE-2017-2392 (arbitrary code execution)
An issue has been found in WebKit, allowing attackers to execute
arbitrary code or cause a denial of service (memory corruption) via a
crafted app.
- CVE-2017-2394 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2395 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2396 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2405 (arbitrary code execution)
An issue has been found in the “WebKit Web Inspector” component. It
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site.
- CVE-2017-2415 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code by leveraging an unspecified “type confusion.”.
- CVE-2017-2419 (access restriction bypass)
An issue has been found in WebKit, allowing remote attackers to bypass
a Content Security Policy protection mechanism via unspecified vectors.
- CVE-2017-2433 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2442 (same-origin policy bypass)
An issue has been found in WebKit, involving the “WebKit JavaScript
Bindings” component. It allows remote attackers to bypass the Same
Origin Policy and obtain sensitive information via a crafted web site.
- CVE-2017-2445 (cross-site scripting)
An issue has been found in WebKit, allowing remote attackers to conduct
Universal XSS (UXSS) attacks via crafted frame objects.
- CVE-2017-2446 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code via a crafted web site that leverages the mishandling of
strict mode functions.
- CVE-2017-2447 (information disclosure)
An issue has been found in WebKit, allowing remote attackers to obtain
sensitive information or cause a denial of service (memory corruption)
via a crafted web site.
- CVE-2017-2454 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2455 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2457 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2459 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2460 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2464 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2465 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2466 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2468 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2469 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2470 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2471 (arbitrary code execution)
A use-after-free vulnerability has been found in WebKit, allowing
remote attackers to execute arbitrary code via a crafted web site.
- CVE-2017-2475 (cross-site scripting)
An issue has been found in WebKit, allowing remote attackers to conduct
Universal XSS (UXSS) attacks via crafted use of frames on a web site.
- CVE-2017-2476 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2481 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Impact
======
A remote attacker can bypass access restrictions, spoof content, access
sensitive information, cause a crash and execute arbitrary code on the
affected host.
References
==========
https://webkitgtk.org/security/WSA-2017-0003.html
https://security.archlinux.org/CVE-2016-9642
https://security.archlinux.org/CVE-2016-9643
https://security.archlinux.org/CVE-2017-2367
https://security.archlinux.org/CVE-2017-2376
https://security.archlinux.org/CVE-2017-2377
https://security.archlinux.org/CVE-2017-2386
https://security.archlinux.org/CVE-2017-2392
https://security.archlinux.org/CVE-2017-2394
https://security.archlinux.org/CVE-2017-2395
https://security.archlinux.org/CVE-2017-2396
https://security.archlinux.org/CVE-2017-2405
https://security.archlinux.org/CVE-2017-2415
https://security.archlinux.org/CVE-2017-2419
https://security.archlinux.org/CVE-2017-2433
https://security.archlinux.org/CVE-2017-2442
https://security.archlinux.org/CVE-2017-2445
https://security.archlinux.org/CVE-2017-2446
https://security.archlinux.org/CVE-2017-2447
https://security.archlinux.org/CVE-2017-2454
https://security.archlinux.org/CVE-2017-2455
https://security.archlinux.org/CVE-2017-2457
https://security.archlinux.org/CVE-2017-2459
https://security.archlinux.org/CVE-2017-2460
https://security.archlinux.org/CVE-2017-2464
https://security.archlinux.org/CVE-2017-2465
https://security.archlinux.org/CVE-2017-2466
https://security.archlinux.org/CVE-2017-2468
https://security.archlinux.org/CVE-2017-2469
https://security.archlinux.org/CVE-2017-2470
https://security.archlinux.org/CVE-2017-2471
https://security.archlinux.org/CVE-2017-2475
https://security.archlinux.org/CVE-2017-2476
https://security.archlinux.org/CVE-2017-2481
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20170428/07952337/attachment.asc>
More information about the arch-security
mailing list