------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2016-0001 ------------------------------------------------------------------------ Date reported : February 01, 2016 Advisory ID : WSA-2016-0001 Advisory URL : http://webkitgtk.org/security/WSA-2016-0001.html CVE identifiers : CVE-2015-7096, CVE-2015-7098. Several vulnerabilities were discovered on WebKitGTK+. CVE-2015-7096 Versions affected: WebKitGTK+ before 2.10.5. Credit to Apple. WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. CVE-2015-7098 Versions affected: WebKitGTK+ before 2.10.5. Credit to Apple. WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, February 01, 2016