Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

Gentoo: GLSA-202108-01 Critical: WebKitGTK+ Security Flaw Detected

gentoo
Calendar Grey June 7, 2017
Scroller Gentoo Esm H88
WebKitGTK+ weaknesses could let distant intruders run arbitrary code. It is advised to update to reduce potential security threats.
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which allows remote attackers to execute arbitrary code.

Summary

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.

Resolution

All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"

References

[ 1 ] CVE-2015-2330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330 [ 2 ] CVE-2015-7096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096 [ 3 ] CVE-2015-7098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098 [ 4 ] CVE-2016-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723 [ 5 ] CVE-2016-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724 [ 6 ] CVE-2016-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725 [ 7 ] CVE-2016-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726 [ 8 ] CVE-2016-1727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727 [ 9 ] CVE-2016-1728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728 [ 10 ] CVE-2016-4692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692 [ 11 ] CVE-2016-4743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743 [ 12 ] CVE-2016-7586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586 [ 13 ] CVE-2016-7587 http://nvd.nist.gov/nvd.cfm?cvena...

Read the Full Advisory

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201706-15
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
critical
Lowest
Low
Medium
High
Critical

Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15

Synopsis

Multiple vulnerabilities have been found in WebKitGTK+, the worst of which allows remote attackers to execute arbitrary code.

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3

Impact

===== A remote attack can use multiple vectors to execute arbitrary code or cause a denial of service condition.

Workaround

There is no known workaround at this time.