what you don't know can hurt you

WebKitGTK+ Code Execution / Denial Of Service / Memory Corruption

WebKitGTK+ Code Execution / Denial Of Service / Memory Corruption
Posted May 30, 2016
Authored by WebKitGTK+ Team

WebKitGTK+ versions prior to 2.12.3 and 2.12.1 suffer from memory corruption, code execution, information disclosure, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, info disclosure
advisories | CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859
MD5 | 02e17a3c1ed0edd30ea6d6ca3c01a2da

WebKitGTK+ Code Execution / Denial Of Service / Memory Corruption

Change Mirror Download
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0004
------------------------------------------------------------------------

Date reported : May 30, 2016
Advisory ID : WSA-2016-0004
Advisory URL : http://webkitgtk.org/security/WSA-2016-0004.html
CVE identifiers : CVE-2016-1854, CVE-2016-1856, CVE-2016-1857,
CVE-2016-1858, CVE-2016-1859.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2016-1854
Versions affected: WebKitGTK+ before 2.12.1.
Credit to Anonymous working with Trend Micro's Zero Day Initiative.
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and
tvOS before 9.2.1, allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption) via a crafted web
site, a different vulnerability than CVE-2016-1855, CVE-2016-1856,
and CVE-2016-1857.

CVE-2016-1856
Versions affected: WebKitGTK+ before 2.12.1.
Credit to lokihardt working with Trend Micro's Zero Day Initiative.
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and
tvOS before 9.2.1, allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption) via a crafted web
site, a different vulnerability than CVE-2016-1854, CVE-2016-1855,
and CVE-2016-1857.

CVE-2016-1857
Versions affected: WebKitGTK+ before 2.12.3.
Credit to Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative.
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and
tvOS before 9.2.1, allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption) via a crafted web
site, a different vulnerability than CVE-2016-1854, CVE-2016-1855,
and CVE-2016-1856.

CVE-2016-1858
Versions affected: WebKitGTK+ before 2.12.0.
Credit to Anonymous.
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and
tvOS before 9.2.1, improperly tracks taint attributes, which allows
remote attackers to obtain sensitive information via a crafted web
site.

CVE-2016-1859
Versions affected: WebKitGTK+ before 2.12.1.
Credit to Liang Chen, wushi of KeenLab, Tencent working with Trend
Micro's Zero Day Initiative.
The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari
before 9.1.1, and tvOS before 9.2.1 allows remote attackers to
execute arbitrary code or cause a denial of service (memory
corruption) via a crafted web site.


We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html

The WebKitGTK+ team,
May 30, 2016

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close