Executive Summary

Summary
TitleWebkitGTK+: Multiple vulnerabilities
Informations
NameGLSA-201812-04First vendor Publication2018-12-02
VendorGentooLast vendor Modification2018-12-02
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution.

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Description

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.

Impact

A remote attacker could execute arbitrary commands or cause a Denial of Service condition via maliciously crafted web content.

Workaround

There is no known workaround at this time.

Resolution

All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.0"

References

[ 1 ] CVE-2018-4191 : https://nvd.nist.gov/vuln/detail/CVE-2018-4191
[ 2 ] CVE-2018-4197 : https://nvd.nist.gov/vuln/detail/CVE-2018-4197
[ 3 ] CVE-2018-4207 : https://nvd.nist.gov/vuln/detail/CVE-2018-4207
[ 4 ] CVE-2018-4208 : https://nvd.nist.gov/vuln/detail/CVE-2018-4208
[ 5 ] CVE-2018-4209 : https://nvd.nist.gov/vuln/detail/CVE-2018-4209
[ 6 ] CVE-2018-4210 : https://nvd.nist.gov/vuln/detail/CVE-2018-4210
[ 7 ] CVE-2018-4212 : https://nvd.nist.gov/vuln/detail/CVE-2018-4212
[ 8 ] CVE-2018-4213 : https://nvd.nist.gov/vuln/detail/CVE-2018-4213
[ 9 ] CVE-2018-4299 : https://nvd.nist.gov/vuln/detail/CVE-2018-4299
[ 10 ] CVE-2018-4306 : https://nvd.nist.gov/vuln/detail/CVE-2018-4306
[ 11 ] CVE-2018-4309 : https://nvd.nist.gov/vuln/detail/CVE-2018-4309
[ 12 ] CVE-2018-4311 : https://nvd.nist.gov/vuln/detail/CVE-2018-4311
[ 13 ] CVE-2018-4312 : https://nvd.nist.gov/vuln/detail/CVE-2018-4312
[ 14 ] CVE-2018-4314 : https://nvd.nist.gov/vuln/detail/CVE-2018-4314
[ 15 ] CVE-2018-4315 : https://nvd.nist.gov/vuln/detail/CVE-2018-4315
[ 16 ] CVE-2018-4316 : https://nvd.nist.gov/vuln/detail/CVE-2018-4316
[ 17 ] CVE-2018-4317 : https://nvd.nist.gov/vuln/detail/CVE-2018-4317
[ 18 ] CVE-2018-4318 : https://nvd.nist.gov/vuln/detail/CVE-2018-4318
[ 19 ] CVE-2018-4319 : https://nvd.nist.gov/vuln/detail/CVE-2018-4319
[ 20 ] CVE-2018-4323 : https://nvd.nist.gov/vuln/detail/CVE-2018-4323
[ 21 ] CVE-2018-4328 : https://nvd.nist.gov/vuln/detail/CVE-2018-4328
[ 22 ] CVE-2018-4358 : https://nvd.nist.gov/vuln/detail/CVE-2018-4358
[ 23 ] CVE-2018-4359 : https://nvd.nist.gov/vuln/detail/CVE-2018-4359
[ 24 ] CVE-2018-4361 : https://nvd.nist.gov/vuln/detail/CVE-2018-4361

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201812-04

Original Source

Url : http://security.gentoo.org/glsa/glsa-201812-04.xml

CWE : Common Weakness Enumeration

%idName
80 %CWE-20Improper Input Validation
20 %CWE-129Improper Validation of Array Index

CPE : Common Platform Enumeration

TypeDescriptionCount
Application56
Application6
Application217
Application147
Application151
Os160
Os20
Os1
Os1

Nessus® Vulnerability Scanner

DateDescription
2018-12-03Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201812-04.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2019-01-16 17:21:18
  • Multiple Updates
2019-01-12 17:21:12
  • Multiple Updates
2018-12-02 17:18:15
  • First insertion