WebKitGTK+ versions prior to 2.12.3 and 2.12.1 suffer from memory corruption, code execution, information disclosure, and denial of service vulnerabilities.
ed3b878265e2eac705c28e5a41e795719a9e61d8a59b0c6cf7447c33a10a314d------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0004
------------------------------------------------------------------------
Date reported : May 30, 2016
Advisory ID : WSA-2016-0004
Advisory URL : http://webkitgtk.org/security/WSA-2016-0004.html
CVE identifiers : CVE-2016-1854, CVE-2016-1856, CVE-2016-1857,
CVE-2016-1858, CVE-2016-1859.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1854
Versions affected: WebKitGTK+ before 2.12.1.
Credit to Anonymous working with Trend Micro's Zero Day Initiative.
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and
tvOS before 9.2.1, allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption) via a crafted web
site, a different vulnerability than CVE-2016-1855, CVE-2016-1856,
and CVE-2016-1857.
CVE-2016-1856
Versions affected: WebKitGTK+ before 2.12.1.
Credit to lokihardt working with Trend Micro's Zero Day Initiative.
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and
tvOS before 9.2.1, allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption) via a crafted web
site, a different vulnerability than CVE-2016-1854, CVE-2016-1855,
and CVE-2016-1857.
CVE-2016-1857
Versions affected: WebKitGTK+ before 2.12.3.
Credit to Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative.
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and
tvOS before 9.2.1, allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption) via a crafted web
site, a different vulnerability than CVE-2016-1854, CVE-2016-1855,
and CVE-2016-1856.
CVE-2016-1858
Versions affected: WebKitGTK+ before 2.12.0.
Credit to Anonymous.
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and
tvOS before 9.2.1, improperly tracks taint attributes, which allows
remote attackers to obtain sensitive information via a crafted web
site.
CVE-2016-1859
Versions affected: WebKitGTK+ before 2.12.1.
Credit to Liang Chen, wushi of KeenLab, Tencent working with Trend
Micro's Zero Day Initiative.
The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari
before 9.1.1, and tvOS before 9.2.1 allows remote attackers to
execute arbitrary code or cause a denial of service (memory
corruption) via a crafted web site.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
May 30, 2016
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed