------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2018-0004 ------------------------------------------------------------------------ Date reported : May 07, 2018 Advisory ID : WSA-2018-0004 Advisory URL : https://webkitgtk.org/security/WSA-2018-0004.html CVE identifiers : CVE-2018-4121, CVE-2018-4200, CVE-2018-4204. Several vulnerabilities were discovered in WebKitGTK+. CVE-2018-4121 Versions affected: WebKitGTK+ before 2.20.0. Credit to Natalie Silvanovich of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4200 Versions affected: WebKitGTK+ before 2.20.2. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. CVE-2018-4204 Versions affected: WebKitGTK+ before 2.20.1. Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative, found by OSS-Fuzz. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved memory handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, May 07, 2018
