[blfs-book] [BLFS Trac] #11374: webkitgtk-2.22.5 (CVE-2018-4372, 4437, 4438, 4441, 4442, 4443, 4464, 4345) (was: webkitgtk-2.22.5 (CVE-2018-4372, 4437, 4438, 4441, 4442, 4443, 4464))

BLFS Trac trac at linuxfromscratch.org
Tue Jan 1 09:38:29 PST 2019


#11374: webkitgtk-2.22.5 (CVE-2018-4372, 4437, 4438, 4441, 4442, 4443, 4464, 4345)
-------------------------+-----------------------
 Reporter:  renodr       |       Owner:  renodr
     Type:  enhancement  |      Status:  assigned
 Priority:  highest      |   Milestone:  8.4
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+-----------------------
Changes (by renodr):

 * priority:  high => highest


Comment:

 {{{
 CVE-2018-4345

     Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before
 2.22.1.
     Credit to an anonymous researcher.
     A cross-site scripting issue existed in WebKit. This issue was
 addressed with improved URL validation.

 CVE-2018-4372

     Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before
 2.22.2.
     Credit to HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST
 Softsec Lab, Korea.
     Processing maliciously crafted web content may lead to arbitrary code
 execution. Multiple memory corruption issues were addressed with improved
 memory handling.

 CVE-2018-4386

     Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before
 2.22.1.
     Credit to lokihardt of Google Project Zero.
     Processing maliciously crafted web content may lead to arbitrary code
 execution. Multiple memory corruption issues were addressed with improved
 memory handling.

 CVE-2018-4437

     Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before
 2.22.3.
     Credit to HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST
 Softsec Lab, Korea.
     Processing maliciously crafted web content may lead to arbitrary code
 execution. Multiple memory corruption issues were addressed with improved
 memory handling.

 CVE-2018-4438

     Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before
 2.22.1.
     Credit to lokihardt of Google Project Zero.
     Processing maliciously crafted web content may lead to arbitrary code
 execution. A logic issue existed resulting in memory corruption. This was
 addressed with improved state management.

 CVE-2018-4441

     Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before
 2.22.1.
     Credit to lokihardt of Google Project Zero.
     Processing maliciously crafted web content may lead to arbitrary code
 execution. A memory corruption issue was addressed with improved memory
 handling.

 CVE-2018-4442

     Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before
 2.22.1.
     Credit to lokihardt of Google Project Zero.
     Processing maliciously crafted web content may lead to arbitrary code
 execution. A memory corruption issue was addressed with improved memory
 handling.

 CVE-2018-4443

     Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before
 2.22.1.
     Credit to lokihardt of Google Project Zero.
     Processing maliciously crafted web content may lead to arbitrary code
 execution. A memory corruption issue was addressed with improved memory
 handling.
 }}}

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/11374#comment:4>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch

