|
Message-Id: <1528987730.4808.1@mail.igalia.com> Date: Thu, 14 Jun 2018 09:48:50 -0500 From: Michael Catanzaro <mcatanzaro@...lia.com> To: webkit-gtk@...ts.webkit.org, webkit-wpe@...ts.webkit.org Cc: security@...kit.org, distributor-list@...me.org, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com Subject: WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 ------------------------------------------------------------------------ Date reported : June 13, 2018 Advisory ID : WSA-2018-0005 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0005.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0005.html CVE identifiers : CVE-2018-4190, CVE-2018-4192, CVE-2018-4199, CVE-2018-4201, CVE-2018-4214, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-11646, CVE-2018-11712, CVE-2018-11713, CVE-2018-12293, CVE-2018-12294. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4190 Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1. Credit to Jun Kokatsu (@shhnjk). Impact: Visiting a maliciously crafted website may leak sensitive data. Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4192 Versions affected: WebKitGTK+ before 2.20.1. Credit to Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A race condition was addressed with improved locking. CVE-2018-4199 Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1. Credit to Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4201 Versions affected: WebKitGTK+ before 2.20.1. Credit to an anonymous researcher. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4214 Versions affected: WebKitGTK+ before 2.20.0. Credit to OSS-Fuzz. Impact: Processing maliciously crafted web content may lead to an unexpected application crash. Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4218 Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1. Credit to Natalie Silvanovich of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4222 Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1. Credit to Natalie Silvanovich of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4232 Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1. Credit to Aymeric Chaib. Impact: Visiting a maliciously crafted website may lead to cookies being overwritten. Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4233 Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1. Credit to Samuel Groß (@5aelo) working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-11646 Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1. Credit to Mishra Dhiraj. Maliciously crafted web content could trigger an application crash in WebKitFaviconDatabase, caused by mishandling unexpected input. CVE-2018-11712 Versions affected: WebKitGTK+ 2.20.0 and 2.20.1. Credit to Metrological Group B.V. The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections. CVE-2018-11713 Versions affected: WebKitGTK+ before 2.20.0 or without libsoup 2.62.0. Credit to Dirkjan Ochtman. The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. CVE-2018-12293 Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1. Credit to ADlab of Venustech. Maliciously crafted web content could achieve a heap buffer overflow in ImageBufferCairo by exploiting multiple integer overflow issues. CVE-2018-12294 Versions affected: WebKitGTK+ before 2.20.2. Credit to ADlab of Venustech. Maliciously crafted web content could trigger a use-after-free of a TextureMapperLayer object. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running a safe version of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, June 13, 2018
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.