Bug #6886

webkit2gtk: Several vulnerabilities (CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373)

Added by Alicha CH over 2 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version: -
Start date: 02/17/2017
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
Affected versions:
Security IDs:

Description

CVE-2017-2350

Versions affected: WebKitGTK+ before 2.14.4.
Impact: Processing maliciously crafted web content may exfiltrate data cross-origin.
Description: A prototype access issue was addressed through improved exception handling.

CVE-2017-2354

Versions affected: WebKitGTK+ before 2.14.4.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2017-2355

Versions affected: WebKitGTK+ before 2.14.4.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A memory initialization issue was addressed through improved memory handling.

CVE-2017-2356

Versions affected: WebKitGTK+ before 2.14.4.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2362

Versions affected: WebKitGTK+ before 2.14.4.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2017-2363

Versions affected: WebKitGTK+ before 2.14.4.
Impact: Processing maliciously crafted web content may exfiltrate data cross-origin.
Description: Multiple validation issues existed in the handling of page loading.
This issue was addressed through improved logic.

CVE-2017-2364

Versions affected: WebKitGTK+ before 2.14.4.
Impact: Processing maliciously crafted web content may exfiltrate data cross-origin.
Description: Multiple validation issues existed in the handling of page loading.
This issue was addressed through improved logic.

CVE-2017-2365

Versions affected: WebKitGTK+ before 2.14.4.
Impact: Processing maliciously crafted web content may exfiltrate data cross-origin.
Description: A validation issue existed in variable handling.
This issue was addressed through improved validation.

CVE-2017-2366

Versions affected: WebKitGTK+ before 2.14.4.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2369

Versions affected: WebKitGTK+ before 2.14.4.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2371

Versions affected: WebKitGTK+ before 2.14.4.
Impact: A malicious website can open popups.
Description: An issue existed in the handling of blocking popups.
This was addressed through improved input validation.

CVE-2017-2373

Versions affected: WebKitGTK+ before 2.14.4.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: Multiple memory corruption issues were addressed through improved memory handling.

Reference:

https://webkitgtk.org/security/WSA-2017-0002.html


Subtasks

Bug #6887: [3.6] webkit2gtk: Several vulnerabilities (CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373) - Closed

Bug #6888: [3.5] webkit2gtk: Several vulnerabilities (CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373) - Closed

History

#1 Updated by Alicha CH about 2 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed
