Message-ID: <54C6889F.10604@igalia.com>
Date: Mon, 26 Jan 2015 19:34:07 +0100
From: Carlos Alberto Lopez Perez <clopez@...lia.com>
To: webkit-gtk@...ts.webkit.org
CC: bugtraq@...urityfocus.com, oss-security@...ts.openwall.com
Subject: WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------
Date reported : January 26, 2015
Advisory ID : WSA-2015-0001
Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html
Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8.
CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298,
CVE-2014-1299, CVE-2014-1300, CVE-2014-1303,
CVE-2014-1304, CVE-2014-1305, CVE-2014-1307,
CVE-2014-1308, CVE-2014-1309, CVE-2014-1311,
CVE-2014-1313, CVE-2014-1713, CVE-2014-1297,
CVE-2013-2875, CVE-2013-2927, CVE-2014-1323,
CVE-2014-1326, CVE-2014-1329, CVE-2014-1330,
CVE-2014-1331, CVE-2014-1333, CVE-2014-1334,
CVE-2014-1335, CVE-2014-1336, CVE-2014-1337,
CVE-2014-1338, CVE-2014-1339, CVE-2014-1341,
CVE-2014-1342, CVE-2014-1343, CVE-2014-1731,
CVE-2014-1346, CVE-2014-1344, CVE-2014-1384,
CVE-2014-1385, CVE-2014-1387, CVE-2014-1388,
CVE-2014-1389, CVE-2014-1390.
Several vulnerabilities were discovered on the 2.4 stable series of
WebKitGTK+.
CVE-2013-2871
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to miaubiz.
Use-after-free vulnerability in Google Chrome before 28.0.1500.71
allows remote attackers to cause a denial of service or possibly
have unspecified other impact via vectors related to the handling of
input.
CVE-2014-1292
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than CVE-2014-1289,
CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.
CVE-2014-1298
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.
CVE-2014-1299
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team, Apple, Renata Hodovan of
University of Szeged / Samsung Electronics.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.
CVE-2014-1300
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Ian Beer of Google Project Zero working with HP's Zero Day
Initiative.
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows
remote attackers to execute arbitrary code with root privileges via
unknown vectors, as demonstrated by Google during a Pwn4Fun
competition at CanSecWest 2014.
CVE-2014-1303
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to KeenTeam working with HP's Zero Day Initiative.
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote
attackers to execute arbitrary code and bypass a sandbox protection
mechanism via unspecified vectors, as demonstrated by Liang Chen
during a Pwn2Own competition at CanSecWest 2014.
CVE-2014-1304
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.
CVE-2014-1305
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.
CVE-2014-1307
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.
CVE-2014-1308
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.
CVE-2014-1309
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to cloudfuzzer.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.
CVE-2014-1311
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.
CVE-2014-1313
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-04-01-1.
CVE-2014-1713
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to VUPEN working with HP's Zero Day Initiative.
Use-after-free vulnerability in the AttributeSetter function in
bindings/templates/attributes.cpp in the bindings in Blink, as used
in Google Chrome before 33.0.1750.152 on OS X and Linux and before
33.0.1750.154 on Windows, allows remote attackers to cause a denial
of service or possibly have unspecified other impact via vectors
involving the document.location value.
CVE-2014-1297
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Ian Beer of Google Project Zero.
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3,
does not properly validate WebProcess IPC messages, which allows
remote attackers to bypass a sandbox protection mechanism and read
arbitrary files by leveraging WebProcess access.
CVE-2013-2875
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to miaubiz.
core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in
Blink, as used in Google Chrome before 28.0.1500.71, allows remote
attackers to cause a denial of service (out-of-bounds read) via
unspecified vectors.
CVE-2013-2927
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
HTMLFormElement::prepareForSubmission function in
core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome
before 30.0.1599.101, allows remote attackers to cause a denial of
service or possibly have unspecified other impact via vectors
related to submission for FORM elements.
CVE-2014-1323
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to banty.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1326
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1329
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1330
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1331
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to cloudfuzzer.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1333
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1334
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1335
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1336
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1337
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1338
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1339
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Atte Kettunen of OUSPG.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1341
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1342
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1343
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1731
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to an anonymous member of the Blink development community.
core/html/HTMLSelectElement.cpp in the DOM implementation in Blink,
as used in Google Chrome before 34.0.1847.131 on Windows and OS X
and before 34.0.1847.132 on Linux, does not properly check renderer
state upon a focus event, which allows remote attackers to cause a
denial of service or possibly have unspecified other impact via
vectors that leverage "type confusion" for SELECT elements.
CVE-2014-1346
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Erling Ellingsen of Facebook.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
does not properly interpret Unicode encoding, which allows remote
attackers to spoof a postMessage origin, and bypass intended
restrictions on sending a message to a connected frame or window,
via crafted characters in a URL.
CVE-2014-1344
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Ian Beer of Google Project Zero.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1.
CVE-2014-1384
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.
CVE-2014-1385
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.
CVE-2014-1387
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Google Chrome Security Team.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.
CVE-2014-1388
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.
CVE-2014-1389
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.
CVE-2014-1390
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Apple.
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than other WebKit CVEs listed in
HT6367.
For the 2.4 series, these problems have been fixed in release 2.4.8.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
January 26, 2015
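An added triage example, not part of the original advisory or of WebKitGTK+ code: it parses the "CVE id / Versions affected" entries in the layout used above and reports which CVEs remain unfixed for a given 2.4.x version. SAMPLE is a constructed three-entry excerpt, and the function names and the installed-version string argument are assumptions of this example.

```python
import re

# Constructed excerpt in the advisory's entry layout (three entries taken from
# the text above, descriptions omitted). Feed the full advisory text the same way.
SAMPLE = """\
CVE-2013-2871
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to miaubiz.
CVE-2014-1346
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Erling Ellingsen of Facebook.
CVE-2014-1344
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Ian Beer of Google Project Zero.
"""

# A line holding exactly one CVE id starts an entry; the comma-separated
# summary list in the advisory header does not match this pattern.
CVE_LINE = re.compile(r"^(CVE-\d{4}-\d{4,})$")
FIXED_LINE = re.compile(
    r"^Versions affected: WebKitGTK\+ 2\.4\.X before (\d+(?:\.\d+)+)\.$"
)


def version_tuple(text):
    """Turn '2.4.10' into (2, 4, 10) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def parse_advisory(text):
    """Return {cve_id: first_fixed_version_tuple} from the entry blocks."""
    fixed_in, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = CVE_LINE.match(line)
        if match:
            current = match.group(1)
            continue
        match = FIXED_LINE.match(line)
        if match and current:
            fixed_in[current] = version_tuple(match.group(1))
            current = None
    return fixed_in


def outstanding(installed, fixed_in):
    """Sorted CVE ids still unfixed in an installed 2.4.x version."""
    have = version_tuple(installed)
    if have[:2] != (2, 4):
        raise ValueError("this advisory only covers the 2.4 series")
    return sorted(cve for cve, fix in fixed_in.items() if have < fix)
```

Comparing parsed integer tuples rather than strings matters once a patch level reaches two digits: "2.4.10" sorts before "2.4.8" as text but after it numerically.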