Arch Linux Security Advisory ASA-201704-9
=========================================
Severity: Critical
Date    : 2017-04-28
CVE-ID  : CVE-2016-9642 CVE-2016-9643 CVE-2017-2367 CVE-2017-2376
          CVE-2017-2377 CVE-2017-2386 CVE-2017-2392 CVE-2017-2394
          CVE-2017-2395 CVE-2017-2396 CVE-2017-2405 CVE-2017-2415
          CVE-2017-2419 CVE-2017-2433 CVE-2017-2442 CVE-2017-2445
          CVE-2017-2446 CVE-2017-2447 CVE-2017-2454 CVE-2017-2455
          CVE-2017-2457 CVE-2017-2459 CVE-2017-2460 CVE-2017-2464
          CVE-2017-2465 CVE-2017-2466 CVE-2017-2468 CVE-2017-2469
          CVE-2017-2470 CVE-2017-2471 CVE-2017-2475 CVE-2017-2476
          CVE-2017-2481
Package : webkit2gtk
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-235

Summary
=======
The package webkit2gtk before version 2.16.1-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, content spoofing, cross-site scripting, information disclosure,
same-origin policy bypass and denial of service.

Resolution
==========
Upgrade to 2.16.1-1.

# pacman -Syu "webkit2gtk>=2.16.1-1"

The problems have been fixed upstream in version 2.16.1.
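
To confirm a host is past the fixed release, the check below compares the installed webkit2gtk version against 2.16.1-1. It is an added example, not part of the advisory; the function names are hypothetical, and when pacman's vercmp is absent it falls back to a numeric-only comparison that ignores epochs and alphabetic suffixes.

```shell
#!/bin/sh
# Added example (not from the advisory): flag a webkit2gtk older than the fix.
FIXED="2.16.1-1"   # fixed package version named in the advisory

# ver_lt A B: succeed if version A is strictly older than version B.
# Prefers pacman's vercmp; the awk fallback is an assumption-laden
# approximation that compares dot/dash separated fields numerically.
ver_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        awk -v a="$1" -v b="$2" 'BEGIN {
            na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
            n = (na > nb) ? na : nb
            for (i = 1; i <= n; i++) {
                if (x[i] + 0 < y[i] + 0) exit 0
                if (x[i] + 0 > y[i] + 0) exit 1
            }
            exit 1   # equal versions are not "older"
        }'
    fi
}

# check_webkit2gtk: read "name version" lines (the format of `pacman -Q`)
# on stdin and report the state of webkit2gtk.
# Returns 1 only when a vulnerable version is installed.
check_webkit2gtk() {
    ver=$(awk '$1 == "webkit2gtk" { print $2; exit }')
    if [ -z "$ver" ]; then
        echo "NOT-INSTALLED"
        return 0
    fi
    if ver_lt "$ver" "$FIXED"; then
        echo "VULNERABLE $ver"
        return 1
    fi
    echo "PATCHED $ver"
}

# On an Arch host:  pacman -Q | check_webkit2gtk
```

Applications that were already running keep the old library mapped until they are restarted, so restart WebKitGTK+ consumers after upgrading.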

Workaround
==========
None.

Description
===========
- CVE-2016-9642 (denial of service)

JavaScriptCore in WebKitGTK+ before 2.16.0 allows attackers to cause a
denial of service (out-of-bounds heap read) via a crafted JavaScript
file.

- CVE-2016-9643 (denial of service)

The regex code in WebKitGTK+ before 2.14.6 allows remote attackers to
cause a denial of service (memory consumption), as demonstrated by a
large number of "($" (open parenthesis and dollar) followed by
"{-2,16}" and a large number of "+)" (plus and close parenthesis).

- CVE-2017-2367 (same-origin policy bypass)

An issue has been found in WebKit, allowing remote attackers to bypass
the Same Origin Policy and obtain sensitive information via a crafted
web site.

- CVE-2017-2376 (content spoofing)

An issue has been found in WebKit, allowing remote attackers to spoof
the address bar by leveraging text input during the loading of a page.

- CVE-2017-2377 (denial of service)

This issue involves the “WebKit Web Inspector” component. It allows
attackers to cause a denial of service (memory corruption and
application crash) by leveraging a window-close action during a
debugger-pause state.

- CVE-2017-2386 (same-origin policy bypass)

An issue has been found in WebKit, allowing remote attackers to bypass
the Same Origin Policy and obtain sensitive information via a crafted
web site.

- CVE-2017-2392 (arbitrary code execution)

An issue has been found in WebKit, allowing attackers to execute
arbitrary code or cause a denial of service (memory corruption) via a
crafted app.

- CVE-2017-2394 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2395 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2396 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2405 (arbitrary code execution)

An issue has been found in the “WebKit Web Inspector” component. It
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site.

- CVE-2017-2415 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code by leveraging an unspecified “type confusion”.

- CVE-2017-2419 (access restriction bypass)

An issue has been found in WebKit, allowing remote attackers to bypass
a Content Security Policy protection mechanism via unspecified vectors.

- CVE-2017-2433 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2442 (same-origin policy bypass)

An issue has been found in WebKit, involving the “WebKit JavaScript
Bindings” component. It allows remote attackers to bypass the Same
Origin Policy and obtain sensitive information via a crafted web site.

- CVE-2017-2445 (cross-site scripting)

An issue has been found in WebKit, allowing remote attackers to conduct
Universal XSS (UXSS) attacks via crafted frame objects.

- CVE-2017-2446 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code via a crafted web site that leverages the mishandling of
strict mode functions.

- CVE-2017-2447 (information disclosure)

An issue has been found in WebKit, allowing remote attackers to obtain
sensitive information or cause a denial of service (memory corruption)
via a crafted web site.

- CVE-2017-2454 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2455 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2457 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2459 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2460 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2464 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2465 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2466 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2468 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2469 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2470 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2471 (arbitrary code execution)

A use-after-free vulnerability has been found in WebKit, allowing
remote attackers to execute arbitrary code via a crafted web site.

- CVE-2017-2475 (cross-site scripting)

An issue has been found in WebKit, allowing remote attackers to conduct
Universal XSS (UXSS) attacks via crafted use of frames on a web site.

- CVE-2017-2476 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2481 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

Impact
======
A remote attacker can bypass access restrictions, spoof content, access
sensitive information, cause a crash and execute arbitrary code on the
affected host.

References
==========
https://webkitgtk.org/security/WSA-2017-0003.html
https://security.archlinux.org/CVE-2016-9642
https://security.archlinux.org/CVE-2016-9643
https://security.archlinux.org/CVE-2017-2367
https://security.archlinux.org/CVE-2017-2376
https://security.archlinux.org/CVE-2017-2377
https://security.archlinux.org/CVE-2017-2386
https://security.archlinux.org/CVE-2017-2392
https://security.archlinux.org/CVE-2017-2394
https://security.archlinux.org/CVE-2017-2395
https://security.archlinux.org/CVE-2017-2396
https://security.archlinux.org/CVE-2017-2405
https://security.archlinux.org/CVE-2017-2415
https://security.archlinux.org/CVE-2017-2419
https://security.archlinux.org/CVE-2017-2433
https://security.archlinux.org/CVE-2017-2442
https://security.archlinux.org/CVE-2017-2445
https://security.archlinux.org/CVE-2017-2446
https://security.archlinux.org/CVE-2017-2447
https://security.archlinux.org/CVE-2017-2454
https://security.archlinux.org/CVE-2017-2455
https://security.archlinux.org/CVE-2017-2457
https://security.archlinux.org/CVE-2017-2459
https://security.archlinux.org/CVE-2017-2460
https://security.archlinux.org/CVE-2017-2464
https://security.archlinux.org/CVE-2017-2465
https://security.archlinux.org/CVE-2017-2466
https://security.archlinux.org/CVE-2017-2468
https://security.archlinux.org/CVE-2017-2469
https://security.archlinux.org/CVE-2017-2470
https://security.archlinux.org/CVE-2017-2471
https://security.archlinux.org/CVE-2017-2475
https://security.archlinux.org/CVE-2017-2476
https://security.archlinux.org/CVE-2017-2481
