ArchLinux: 201606-3: webkit2gtk: arbitrary code execution
Summary
WebKitGTK+ allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. Credit to Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro’s Zero Day Initiative.
Resolution
Upgrade to 2.12.3-1.
# pacman -Syu "webkit2gtk>=2.12.3-1"
The problem has been fixed upstream in version 2.12.3.
References
https://webkitgtk.org/security/WSA-2016-0004.html
https://access.redhat.com/security/cve/CVE-2016-1857
Workaround
None.