Arch Linux Security Advisory ASA-201704-9
========================================
Severity: Critical
Date    : 2017-04-28
CVE-ID  : CVE-2016-9642 CVE-2016-9643 CVE-2017-2367 CVE-2017-2376
          CVE-2017-2377 CVE-2017-2386 CVE-2017-2392 CVE-2017-2394
          CVE-2017-2395 CVE-2017-2396 CVE-2017-2405 CVE-2017-2415
          CVE-2017-2419 CVE-2017-2433 CVE-2017-2442 CVE-2017-2445
          CVE-2017-2446 CVE-2017-2447 CVE-2017-2454 CVE-2017-2455
          CVE-2017-2457 CVE-2017-2459 CVE-2017-2460 CVE-2017-2464
          CVE-2017-2465 CVE-2017-2466 CVE-2017-2468 CVE-2017-2469
          CVE-2017-2470 CVE-2017-2471 CVE-2017-2475 CVE-2017-2476
          CVE-2017-2481
Package : webkit2gtk
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-235
Summary
======
The package webkit2gtk before version 2.16.1-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, content spoofing, cross-site scripting, information disclosure,
same-origin policy bypass and denial of service.
Resolution
=========
Upgrade to 2.16.1-1.
# pacman -Syu "webkit2gtk>=2.16.1-1"
The problems have been fixed upstream in version 2.16.1.
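An added example, not part of the original advisory: a shell check that classifies a `pacman -Q` output line against the fixed version 2.16.1-1 named above. The function names and sample lines are constructed for illustration; `vercmp` is the comparison tool shipped with pacman, and the `sort -V` fallback is an assumption for hosts without it that does not understand epochs.

```shell
#!/bin/sh
# Added example: flag hosts still running a webkit2gtk older than the
# fixed release from ASA-201704-9.
PKG="webkit2gtk"    # package name from the advisory
FIXED="2.16.1-1"    # fixed version from the advisory

# Return 0 (true) if version $1 is strictly older than version $2.
version_lt() {
    if [ "$1" = "$2" ]; then
        return 1
    fi
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp prints a negative number when $1 is older than $2.
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        # Fallback: GNU sort -V. Adequate for plain x.y.z-rel strings,
        # but it does not handle epochs such as "1:2.0-1".
        oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
        [ "$oldest" = "$1" ]
    fi
}

# Classify one "name version" line as printed by `pacman -Q`.
classify() {
    name=${1%% *}
    ver=${1#* }
    if [ "$name" != "$PKG" ]; then
        echo "skip"
    elif version_lt "$ver" "$FIXED"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# On a real host: classify "$(pacman -Q webkit2gtk)"
# Constructed sample lines, as an inventory export might contain them:
for line in "webkit2gtk 2.14.6-1" "webkit2gtk 2.16.1-1" "webkit2gtk 2.16.1-2"; do
    printf '%s -> %s\n' "$line" "$(classify "$line")"
done
```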
Workaround
=========
None.
Description
==========
- CVE-2016-9642 (denial of service)
JavaScriptCore in WebKitGTK+ before 2.16.0 allows attackers to cause a
denial of service (out-of-bounds heap read) via a crafted JavaScript
file.
- CVE-2016-9643 (denial of service)
The regex code in WebKitGTK+ before 2.14.6 allows remote attackers to
cause a denial of service (memory consumption) as demonstrated in a
large number of ($ (open parenthesis and dollar) followed by {-2,16}
and a large number of +) (plus close parenthesis).
- CVE-2017-2367 (same-origin policy bypass)
An issue has been found in WebKit, allowing remote attackers to bypass
the Same Origin Policy and obtain sensitive information via a crafted
web site.
- CVE-2017-2376 (content spoofing)
An issue has been found in WebKit, allowing remote attackers to spoof
the address bar by leveraging text input during the loading of a page.
- CVE-2017-2377 (denial of service)
This issue involves the "WebKit Web Inspector" component. It allows
attackers to cause a denial of service (memory corruption and
application crash) by leveraging a window-close action during a
debugger-pause state.
- CVE-2017-2386 (same-origin policy bypass)
An issue has been found in WebKit, allowing remote attackers to bypass
the Same Origin Policy and obtain sensitive information via a crafted
web site.
- CVE-2017-2392 (arbitrary code execution)
An issue has been found in WebKit, allowing attackers to execute
arbitrary code or cause a denial of service (memory corruption) via a
crafted app.
- CVE-2017-2394 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2395 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2396 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2405 (arbitrary code execution)
An issue has been found in the "WebKit Web Inspector" component. It
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site.
- CVE-2017-2415 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code by leveraging an unspecified "type confusion".
- CVE-2017-2419 (access restriction bypass)
An issue has been found in WebKit, allowing remote attackers to bypass
a Content Security Policy protection mechanism via unspecified vectors.
- CVE-2017-2433 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2442 (same-origin policy bypass)
An issue has been found in WebKit, involving the "WebKit JavaScript
Bindings" component. It allows remote attackers to bypass the Same
Origin Policy and obtain sensitive information via a crafted web site.
- CVE-2017-2445 (cross-site scripting)
An issue has been found in WebKit, allowing remote attackers to conduct
Universal XSS (UXSS) attacks via crafted frame objects.
- CVE-2017-2446 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code via a crafted web site that leverages the mishandling of
strict mode functions.
- CVE-2017-2447 (information disclosure)
An issue has been found in WebKit, allowing remote attackers to obtain
sensitive information or cause a denial of service (memory corruption)
via a crafted web site.
- CVE-2017-2454 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2455 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2457 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2459 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2460 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2464 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2465 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2466 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2468 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2469 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2470 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2471 (arbitrary code execution)
A use-after-free vulnerability has been found in WebKit, allowing
remote attackers to execute arbitrary code via a crafted web site.
- CVE-2017-2475 (cross-site scripting)
An issue has been found in WebKit, allowing remote attackers to conduct
Universal XSS (UXSS) attacks via crafted use of frames on a web site.
- CVE-2017-2476 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2481 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Impact
=====
A remote attacker can bypass access restrictions, spoof content, access
sensitive information, cause a crash and execute arbitrary code on the
affected host.
References
=========
https://webkitgtk.org/security/WSA-2017-0003.html
https://security.archlinux.org/CVE-2016-9642
https://security.archlinux.org/CVE-2016-9643
https://security.archlinux.org/CVE-2017-2367
https://security.archlinux.org/CVE-2017-2376
https://security.archlinux.org/CVE-2017-2377
https://security.archlinux.org/CVE-2017-2386
https://security.archlinux.org/CVE-2017-2392
https://security.archlinux.org/CVE-2017-2394
https://security.archlinux.org/CVE-2017-2395
https://security.archlinux.org/CVE-2017-2396
https://security.archlinux.org/CVE-2017-2405
https://security.archlinux.org/CVE-2017-2415
https://security.archlinux.org/CVE-2017-2419
https://security.archlinux.org/CVE-2017-2433
https://security.archlinux.org/CVE-2017-2442
https://security.archlinux.org/CVE-2017-2445
https://security.archlinux.org/CVE-2017-2446
https://security.archlinux.org/CVE-2017-2447
https://security.archlinux.org/CVE-2017-2454
https://security.archlinux.org/CVE-2017-2455
https://security.archlinux.org/CVE-2017-2457
https://security.archlinux.org/CVE-2017-2459
https://security.archlinux.org/CVE-2017-2460
https://security.archlinux.org/CVE-2017-2464
https://security.archlinux.org/CVE-2017-2465
https://security.archlinux.org/CVE-2017-2466
https://security.archlinux.org/CVE-2017-2468
https://security.archlinux.org/CVE-2017-2469
https://security.archlinux.org/CVE-2017-2470
https://security.archlinux.org/CVE-2017-2471
https://security.archlinux.org/CVE-2017-2475
https://security.archlinux.org/CVE-2017-2476
https://security.archlinux.org/CVE-2017-2481