drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in WebkitGTK+
Name: |
Mehrere Probleme in WebkitGTK+ |
|
ID: |
201801-09 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mo, 8. Januar 2018, 07:18 |
|
Referenzen: |
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7157
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13870
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13856
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7156
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13866 |
|
Applikationen: |
WebKitGTK |
|
Originalnachricht |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201801-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: January 07, 2018
Bugs: #641752
ID: 201801-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which may lead to arbitrary code execution.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.18.4:4 >= 2.18.4:4
Description
===========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the referenced CVE Identifiers for details.
Impact
======
An attacker, by enticing a user to visit maliciously crafted web
content, may be able to execute arbitrary code or cause memory
corruption.
Workaround
==========
There are no known workarounds at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.4:4"
References
==========
[ 1 ] CVE-2017-13856
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13856
[ 2 ] CVE-2017-13866
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13866
[ 3 ] CVE-2017-13870
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13870
[ 4 ] CVE-2017-7156
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7156
[ 5 ] CVE-2017-7157
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7157
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201801-09
Concerns?
=========
--nextPart3352910.VdQ3n2Tgcp--
--nextPart1524610.gC2UXH1Bdk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAlpStEkACgkQpRQw84X1
dt00+ggAm9U+YWSY5aAnAPu9/VnPGRmRJRfKLcvGkOLG6eMdYJC7BajSfDmJ0bv9
JC9/4CHY3PAHO/c+heAGggRH/gn7XMuamLNZuoWiE/3GH5XhY7hJduKzTiE1yTk5
y6fAgGmJhWtEDr//8Ra6X/kcz8B0osTaWwObTKbEL23f0+R2OUVWTdMMmRZGzgJi
yP+fdmQS9m5U9DdQauudfPi73g7V9Z2NDX1+KlsfxZ9D7XsL3kn1gzZvDCgnVkio
CmtsZYCfB1Dmw0DikB8Uz76kti848hWdyCzlhePiU25tjpT5DAPpGAkIMrPvMexa
ypT7fj+SalCQRf4p7Wlw/fcsHsk5gA==
=HFVH
-----END PGP SIGNATURE-----
--nextPart1524610.gC2UXH1Bdk--
|
|
|
|