Executive Summary

Summary
TitleWebkitGTK+: Multiple vulnerabilities
Informations
NameGLSA-201812-04First vendor Publication2018-12-02
VendorGentooLast vendor Modification2018-12-02
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base ScoreN/AAttack RangeN/A
Cvss Impact ScoreN/AAttack ComplexityN/A
Cvss Expoit ScoreN/AAuthenticationN/A
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution.

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Description

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.

Impact

A remote attacker could execute arbitrary commands or cause a Denial of Service condition via maliciously crafted web content.

Workaround

There is no known workaround at this time.

Resolution

All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.0"

References

[ 1 ] CVE-2018-4191 : https://nvd.nist.gov/vuln/detail/CVE-2018-4191
[ 2 ] CVE-2018-4197 : https://nvd.nist.gov/vuln/detail/CVE-2018-4197
[ 3 ] CVE-2018-4207 : https://nvd.nist.gov/vuln/detail/CVE-2018-4207
[ 4 ] CVE-2018-4208 : https://nvd.nist.gov/vuln/detail/CVE-2018-4208
[ 5 ] CVE-2018-4209 : https://nvd.nist.gov/vuln/detail/CVE-2018-4209
[ 6 ] CVE-2018-4210 : https://nvd.nist.gov/vuln/detail/CVE-2018-4210
[ 7 ] CVE-2018-4212 : https://nvd.nist.gov/vuln/detail/CVE-2018-4212
[ 8 ] CVE-2018-4213 : https://nvd.nist.gov/vuln/detail/CVE-2018-4213
[ 9 ] CVE-2018-4299 : https://nvd.nist.gov/vuln/detail/CVE-2018-4299
[ 10 ] CVE-2018-4306 : https://nvd.nist.gov/vuln/detail/CVE-2018-4306
[ 11 ] CVE-2018-4309 : https://nvd.nist.gov/vuln/detail/CVE-2018-4309
[ 12 ] CVE-2018-4311 : https://nvd.nist.gov/vuln/detail/CVE-2018-4311
[ 13 ] CVE-2018-4312 : https://nvd.nist.gov/vuln/detail/CVE-2018-4312
[ 14 ] CVE-2018-4314 : https://nvd.nist.gov/vuln/detail/CVE-2018-4314
[ 15 ] CVE-2018-4315 : https://nvd.nist.gov/vuln/detail/CVE-2018-4315
[ 16 ] CVE-2018-4316 : https://nvd.nist.gov/vuln/detail/CVE-2018-4316
[ 17 ] CVE-2018-4317 : https://nvd.nist.gov/vuln/detail/CVE-2018-4317
[ 18 ] CVE-2018-4318 : https://nvd.nist.gov/vuln/detail/CVE-2018-4318
[ 19 ] CVE-2018-4319 : https://nvd.nist.gov/vuln/detail/CVE-2018-4319
[ 20 ] CVE-2018-4323 : https://nvd.nist.gov/vuln/detail/CVE-2018-4323
[ 21 ] CVE-2018-4328 : https://nvd.nist.gov/vuln/detail/CVE-2018-4328
[ 22 ] CVE-2018-4358 : https://nvd.nist.gov/vuln/detail/CVE-2018-4358
[ 23 ] CVE-2018-4359 : https://nvd.nist.gov/vuln/detail/CVE-2018-4359
[ 24 ] CVE-2018-4361 : https://nvd.nist.gov/vuln/detail/CVE-2018-4361

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201812-04

Original Source

Url : http://security.gentoo.org/glsa/glsa-201812-04.xml

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2018-12-02 17:18:15
  • First insertion