Bug #9453

Bug #9451: webkit2gtk: Multiple vulnerabilities (CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911)

[3.8] webkit2gtk: Multiple vulnerabilities (CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911)

Added by Alicha CH 7 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Start date:
09/21/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-4246

Processing maliciously crafted web content may lead to arbitrary code execution.
A type confusion issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4

CVE-2018-4261

Processing maliciously crafted web content may lead to arbitrary code execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4

CVE-2018-4262

Processing maliciously crafted web content may lead to arbitrary code execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4

CVE-2018-4263

Processing maliciously crafted web content may lead to arbitrary code execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4

CVE-2018-4264

Processing maliciously crafted web content may lead to arbitrary code execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4

CVE-2018-4265

Processing maliciously crafted web content may lead to arbitrary code execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4

CVE-2018-4266

A malicious website may be able to cause a denial of service.
A race condition was addressed with additional validation.
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.

CVE-2018-4267

Processing maliciously crafted web content may lead to arbitrary code execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4

CVE-2018-4270

Processing maliciously crafted web content may lead to an unexpected application crash.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4

CVE-2018-4272

Processing maliciously crafted web content may lead to arbitrary code execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4

CVE-2018-4273

Processing maliciously crafted web content may lead to an unexpected application crash.
A memory corruption issue was addressed with improved input validation.
Versions affected: WebKitGTK+ before 2.20.4

CVE-2018-4278

A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements
may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
Versions affected: WebKitGTK+ before 2.20.4

CVE-2018-4284

Processing maliciously crafted web content may lead to arbitrary code execution.
A type confusion issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4

CVE-2018-12911

Processing maliciously crafted web content may lead to arbitrary code execution.
A buffer overflow issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4

Reference:

https://webkitgtk.org/security/WSA-2018-0006.html

Associated revisions

Revision 0af1cbfd (diff)
Added by Natanael Copa 7 months ago

community/webkit2gtk: security upgrade to 2.20.4

CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263,
CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267,
CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278,
CVE-2018-4284, CVE-2018-12911

fixes #9453

History

#1 Updated by Natanael Copa 7 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 7 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911)
