WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005

------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory                WSA-2018-0005
------------------------------------------------------------------------

Date reported           : June 13, 2018
Advisory ID             : WSA-2018-0005
WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0005.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0005.html
CVE identifiers         : CVE-2018-4190, CVE-2018-4192, CVE-2018-4199,
                         CVE-2018-4201, CVE-2018-4214, CVE-2018-4218,
                         CVE-2018-4222, CVE-2018-4232, CVE-2018-4233,
                         CVE-2018-11646, CVE-2018-11712,
                         CVE-2018-11713, CVE-2018-12293,
                         CVE-2018-12294.

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.

CVE-2018-4190
   Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
   2.20.1.
   Credit to Jun Kokatsu (@shhnjk).
   Impact: Visiting a maliciously crafted website may leak sensitive
   data. Description: Credentials were unexpectedly sent when fetching
   CSS mask images. This was addressed by using a CORS-enabled fetch
   method.

CVE-2018-4192
   Versions affected: WebKitGTK+ before 2.20.1.
   Credit to Markus Gaasedelen, Nick Burnett, and Patrick Biernat of
   Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative.
   Impact: Processing maliciously crafted web content may lead to
   arbitrary code execution. Description: A race condition was
   addressed with improved locking.

CVE-2018-4199
   Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
   2.20.1.
   Credit to Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of
   MWR Labs working with Trend Micro's Zero Day Initiative.
   Impact: Processing maliciously crafted web content may lead to
   arbitrary code execution. Description: A buffer overflow issue was
   addressed with improved memory handling.

CVE-2018-4201
   Versions affected: WebKitGTK+ before 2.20.1.
   Credit to an anonymous researcher.
   Impact: Processing maliciously crafted web content may lead to
   arbitrary code execution. Description: Multiple memory corruption
   issues were addressed with improved memory handling.

CVE-2018-4214
   Versions affected: WebKitGTK+ before 2.20.0.
   Credit to OSS-Fuzz.
   Impact: Processing maliciously crafted web content may lead to an
   unexpected application crash. Description: A memory corruption issue
   was addressed with improved input validation.

CVE-2018-4218
   Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
   2.20.1.
   Credit to Natalie Silvanovich of Google Project Zero.
   Impact: Processing maliciously crafted web content may lead to
   arbitrary code execution. Description: Multiple memory corruption
   issues were addressed with improved memory handling.

CVE-2018-4222
   Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
   2.20.1.
   Credit to Natalie Silvanovich of Google Project Zero.
   Impact: Processing maliciously crafted web content may lead to
   arbitrary code execution. Description: An out-of-bounds read was
   addressed with improved input validation.

CVE-2018-4232
   Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
   2.20.1.
   Credit to Aymeric Chaib.
   Impact: Visiting a maliciously crafted website may lead to cookies
   being overwritten. Description: A permissions issue existed in the
   handling of web browser cookies. This issue was addressed with
   improved restrictions.

CVE-2018-4233
   Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
   2.20.1.
   Credit to Samuel Groß (@5aelo) working with Trend Micro's Zero Day
   Initiative.
   Impact: Processing maliciously crafted web content may lead to
   arbitrary code execution. Description: Multiple memory corruption
   issues were addressed with improved memory handling.

CVE-2018-11646
   Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
   2.20.1.
   Credit to Mishra Dhiraj.
   Maliciously crafted web content could trigger an application crash
   in WebKitFaviconDatabase, caused by mishandling unexpected input.

CVE-2018-11712
   Versions affected: WebKitGTK+ 2.20.0 and 2.20.1.
   Credit to Metrological Group B.V.
   The libsoup network backend of WebKit failed to perform TLS
   certificate verification for WebSocket connections.

CVE-2018-11713
   Versions affected: WebKitGTK+ before 2.20.0 or without libsoup
   2.62.0.
   Credit to Dirkjan Ochtman.
   The libsoup network backend of WebKit unexpectedly failed to use
   system proxy settings for WebSocket connections. As a result, users
   could be deanonymized by crafted web sites via a WebSocket
   connection.

CVE-2018-12293
   Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
   2.20.1.
   Credit to ADlab of Venustech.
   Maliciously crafted web content could achieve a heap buffer overflow
   in ImageBufferCairo by exploiting multiple integer overflow issues.

CVE-2018-12294
   Versions affected: WebKitGTK+ before 2.20.2.
   Credit to ADlab of Venustech.
   Maliciously crafted web content could trigger a use-after-free of a
   TextureMapperLayer object.


We recommend updating to the latest stable versions of WebKitGTK+ and
WPE WebKit. It is the best way to ensure that you are running a safe
version of WebKit. Please check our websites for information about the
latest stable releases.

Further information about WebKitGTK+ and WPE WebKit security advisories
can be found at https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

The WebKitGTK+ and WPE WebKit team,
June 13, 2018
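
Added example (not part of the advisory and not WebKit project code): a Python check that maps an installed WebKitGTK+ or WPE WebKit version to the CVEs listed above that still apply to it. The function names, the product keys and the reading of "without libsoup 2.62.0" as "libsoup older than 2.62.0" are assumptions; the sample inventory is constructed.

```python
import re

# Thresholds transcribed from the advisory entries above.
BOTH = ["CVE-2018-4190", "CVE-2018-4199", "CVE-2018-4218", "CVE-2018-4222",
        "CVE-2018-4232", "CVE-2018-4233", "CVE-2018-11646", "CVE-2018-12293"]
GTK_BEFORE = {"CVE-2018-4214": "2.20.0", "CVE-2018-4192": "2.20.1",
              "CVE-2018-4201": "2.20.1", "CVE-2018-12294": "2.20.2",
              **{cve: "2.20.3" for cve in BOTH}}
WPE_BEFORE = {cve: "2.20.1" for cve in BOTH}


def parse(version):
    """Turn '2.20.1' (or a distro string such as '2.20.1-1ubuntu1') into a tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p or 0) for p in m.groups())


def affected(product, version, libsoup=None):
    """Return the sorted CVEs from WSA-2018-0005 that apply to this build.

    product is 'webkitgtk' or 'wpe' (hypothetical keys); libsoup is the
    libsoup version the WebKitGTK+ build runs against (None = unknown,
    which is treated as affected).
    """
    v = parse(version)
    table = {"webkitgtk": GTK_BEFORE, "wpe": WPE_BEFORE}[product]
    hits = {cve for cve, fixed in table.items() if v < parse(fixed)}
    if product == "webkitgtk":
        # CVE-2018-11712 is listed for exactly 2.20.0 and 2.20.1.
        if v in (parse("2.20.0"), parse("2.20.1")):
            hits.add("CVE-2018-11712")
        # CVE-2018-11713: "before 2.20.0 or without libsoup 2.62.0".
        # Assumption: "without" is read as libsoup older than 2.62.0.
        if v < parse("2.20.0") or libsoup is None or parse(libsoup) < parse("2.62.0"):
            hits.add("CVE-2018-11713")
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for args in [("webkitgtk", "2.20.1", "2.62.0"), ("webkitgtk", "2.18.6", "2.60.3"),
                 ("wpe", "2.20.0"), ("webkitgtk", "2.20.3", "2.62.2")]:
        print(args, "->", affected(*args) or "no CVE from this advisory applies")
```

A WebKitGTK+ 2.20.3 build still reports CVE-2018-11713 when the libsoup version is older than 2.62.0 or is not supplied, so pass the libsoup version from the same host.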




