exploit the possibilities

WebKitGTK+ Code Execution / Denial Of Service / Memory Corruption

WebKitGTK+ Code Execution / Denial Of Service / Memory Corruption
Posted May 30, 2016
Authored by WebKitGTK+ Team

WebKitGTK+ versions prior to 2.12.3 and 2.12.1 suffer from memory corruption, code execution, information disclosure, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, info disclosure
advisories | CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859
MD5 | 02e17a3c1ed0edd30ea6d6ca3c01a2da

WebKitGTK+ Code Execution / Denial Of Service / Memory Corruption

Change Mirror Download
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0004
------------------------------------------------------------------------

Date reported : May 30, 2016
Advisory ID : WSA-2016-0004
Advisory URL : http://webkitgtk.org/security/WSA-2016-0004.html
CVE identifiers : CVE-2016-1854, CVE-2016-1856, CVE-2016-1857,
CVE-2016-1858, CVE-2016-1859.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2016-1854
Versions affected: WebKitGTK+ before 2.12.1.
Credit to Anonymous working with Trend Micro's Zero Day Initiative.
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and
tvOS before 9.2.1, allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption) via a crafted web
site, a different vulnerability than CVE-2016-1855, CVE-2016-1856,
and CVE-2016-1857.

CVE-2016-1856
Versions affected: WebKitGTK+ before 2.12.1.
Credit to lokihardt working with Trend Micro's Zero Day Initiative.
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and
tvOS before 9.2.1, allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption) via a crafted web
site, a different vulnerability than CVE-2016-1854, CVE-2016-1855,
and CVE-2016-1857.

CVE-2016-1857
Versions affected: WebKitGTK+ before 2.12.3.
Credit to Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative.
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and
tvOS before 9.2.1, allows remote attackers to execute arbitrary code
or cause a denial of service (memory corruption) via a crafted web
site, a different vulnerability than CVE-2016-1854, CVE-2016-1855,
and CVE-2016-1856.

CVE-2016-1858
Versions affected: WebKitGTK+ before 2.12.0.
Credit to Anonymous.
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and
tvOS before 9.2.1, improperly tracks taint attributes, which allows
remote attackers to obtain sensitive information via a crafted web
site.

CVE-2016-1859
Versions affected: WebKitGTK+ before 2.12.1.
Credit to Liang Chen, wushi of KeenLab, Tencent working with Trend
Micro's Zero Day Initiative.
The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari
before 9.1.1, and tvOS before 9.2.1 allows remote attackers to
execute arbitrary code or cause a denial of service (memory
corruption) via a crafted web site.


We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html

The WebKitGTK+ team,
May 30, 2016

Login or Register to add favorites

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close