Mehrere Probleme in WebkitGTK+
ID: | 201801-09 |
Distribution: | Gentoo |
Plattformen: | Keine Angabe |
Datum: | Mo, 8. Januar 2018, 07:18 |
Referenzen: | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7157
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13870 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13856 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7156 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13866 |
Applikationen: | WebKitGTK |
Originalnachricht |
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201801-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: January 07, 2018 Bugs: #641752 ID: 201801-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebkitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.18.4:4 >= 2.18.4:4 Description =========== Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the referenced CVE Identifiers for details. Impact ====== An attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code or cause memory corruption. Workaround ========== There are no known workarounds at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.4:4" References ========== [ 1 ] CVE-2017-13856 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13856 [ 2 ] CVE-2017-13866 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13866 [ 3 ] CVE-2017-13870 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13870 [ 4 ] CVE-2017-7156 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7156 [ 5 ] CVE-2017-7157 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7157 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201801-09 Concerns? ========= --nextPart3352910.VdQ3n2Tgcp-- --nextPart1524610.gC2UXH1Bdk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAlpStEkACgkQpRQw84X1 dt00+ggAm9U+YWSY5aAnAPu9/VnPGRmRJRfKLcvGkOLG6eMdYJC7BajSfDmJ0bv9 JC9/4CHY3PAHO/c+heAGggRH/gn7XMuamLNZuoWiE/3GH5XhY7hJduKzTiE1yTk5 y6fAgGmJhWtEDr//8Ra6X/kcz8B0osTaWwObTKbEL23f0+R2OUVWTdMMmRZGzgJi yP+fdmQS9m5U9DdQauudfPi73g7V9Z2NDX1+KlsfxZ9D7XsL3kn1gzZvDCgnVkio CmtsZYCfB1Dmw0DikB8Uz76kti848hWdyCzlhePiU25tjpT5DAPpGAkIMrPvMexa ypT7fj+SalCQRf4p7Wlw/fcsHsk5gA== =HFVH -----END PGP SIGNATURE----- --nextPart1524610.gC2UXH1Bdk-- |