WebKitGTK+ Security Advisory WSA-2018-0004

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



------------------------------------------------------------------------
WebKitGTK+ Security Advisory                               WSA-2018-0004
------------------------------------------------------------------------

Date reported      : May 07, 2018
Advisory ID        : WSA-2018-0004
Advisory URL       : https://webkitgtk.org/security/WSA-2018-0004.html
CVE identifiers    : CVE-2018-4121, CVE-2018-4200, CVE-2018-4204.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2018-4121
   Versions affected: WebKitGTK+ before 2.20.0.
   Credit to Natalie Silvanovich of Google Project Zero.
   Impact: Processing maliciously crafted web content may lead to
   arbitrary code execution. Description: Multiple memory corruption
   issues were addressed with improved memory handling.

CVE-2018-4200
   Versions affected: WebKitGTK+ before 2.20.2.
   Credit to Ivan Fratric of Google Project Zero.
   Impact: Processing maliciously crafted web content may lead to
   arbitrary code execution. Description: A memory corruption issue was
   addressed with improved state management.

CVE-2018-4204
   Versions affected: WebKitGTK+ before 2.20.1.
   Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero
   Day Initiative, found by OSS-Fuzz.
   Impact: Processing maliciously crafted web content may lead to
   arbitrary code execution. Description: A memory corruption issue was
   addressed with improved memory handling.


We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html

The WebKitGTK+ team,
May 07, 2018




[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux