Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in WebkitGTK+
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in WebkitGTK+
ID: 201801-09
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: Mo, 8. Januar 2018, 07:18
Referenzen: https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7157
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13870
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13856
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7156
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13866
Applikationen: WebkitGTK+

Originalnachricht

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 201801-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: January 07, 2018
Bugs: #641752
ID: 201801-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which may lead to arbitrary code execution.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.18.4:4 >= 2.18.4:4

Description
===========

Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the referenced CVE Identifiers for details.

Impact
======

An attacker, by enticing a user to visit maliciously crafted web
content, may be able to execute arbitrary code or cause memory
corruption.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All WebkitGTK+ users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose
">=net-libs/webkit-gtk-2.18.4:4"

References
==========

[ 1 ] CVE-2017-13856
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13856
[ 2 ] CVE-2017-13866
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13866
[ 3 ] CVE-2017-13870
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13870
[ 4 ] CVE-2017-7156
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7156
[ 5 ] CVE-2017-7157
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7157

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201801-09

Concerns?
=========
--nextPart3352910.VdQ3n2Tgcp--

--nextPart1524610.gC2UXH1Bdk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit

-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAlpStEkACgkQpRQw84X1
dt00+ggAm9U+YWSY5aAnAPu9/VnPGRmRJRfKLcvGkOLG6eMdYJC7BajSfDmJ0bv9
JC9/4CHY3PAHO/c+heAGggRH/gn7XMuamLNZuoWiE/3GH5XhY7hJduKzTiE1yTk5
y6fAgGmJhWtEDr//8Ra6X/kcz8B0osTaWwObTKbEL23f0+R2OUVWTdMMmRZGzgJi
yP+fdmQS9m5U9DdQauudfPi73g7V9Z2NDX1+KlsfxZ9D7XsL3kn1gzZvDCgnVkio
CmtsZYCfB1Dmw0DikB8Uz76kti848hWdyCzlhePiU25tjpT5DAPpGAkIMrPvMexa
ypT7fj+SalCQRf4p7Wlw/fcsHsk5gA==
=HFVH
-----END PGP SIGNATURE-----

--nextPart1524610.gC2UXH1Bdk--
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung