Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <1522867580.22588.1@mail.igalia.com>
Date: Wed, 04 Apr 2018 13:46:20 -0500
From: Michael Catanzaro <mcatanzaro@...lia.com>
To: webkit-gtk@...ts.webkit.org
Cc: security@...kit.org, distributor-list@...me.org,
	oss-security@...ts.openwall.com, bugtraq@...urityfocus.com
Subject: WebKitGTK+ Security Advisory WSA-2018-0003

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------

Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html
CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,
                     CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,
                     CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,
                     CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
                     CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,
                     CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2018-4101
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to Yuan Deng of Ant-financial Light-Year Security Lab.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4113
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to OSS-Fuzz.
    Impact: Unexpected interaction with indexing types causing an ASSERT
    failure. Description: An array indexing issue existed in the
    handling of a function in JavaScriptCore. This issue was addressed
    through improved checks.

CVE-2018-4114
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to OSS-Fuzz.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4117
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to an anonymous researcher.
    Impact: A malicious website may exfiltrate data cross-origin.
    Description: A cross-origin issue existed with the fetch API. This
    was addressed through improved input validation.

CVE-2018-4118
    Versions affected: WebKitGTK+ before 2.18.1.
    Credit to Jun Kokatsu (@shhnjk).
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4119
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to an anonymous researcher working with Trend Micro’s Zero
    Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4120
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4122
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4125
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4127
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to an anonymous researcher working with Trend Micro’s Zero
    Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4128
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to Zach Markley.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4129
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to likemeng of Baidu Security Lab working with Trend Micro's
    Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4133
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to Anton Lopanitsyn of Wallarm, Linus Särud of Detectify
    (detectify.com), Yuji Tounai of NTT Communications Corporation.
    Impact: Visiting a maliciously crafted website may lead to a cross-
    site scripting attack. Description: A cross-site scripting issue
    existed in WebKit. This issue was addressed with improved URL
    validation.

CVE-2018-4146
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to OSS-Fuzz.
    Impact: Processing maliciously crafted web content may lead to a
    denial of service. Description: A memory corruption issue was
    addressed through improved input validation.

CVE-2018-4161
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4162
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4163
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4165
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.


We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html

The WebKitGTK+ team,
April 04, 2018

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.