Executive Summary

Summary
Title WebkitGTK+: Multiple vulnerabilities
Informations
Name GLSA-201801-09 First vendor Publication 2018-01-07
Vendor Gentoo Last vendor Modification 2018-01-07
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis


========


 


Multiple vulnerabilities have been found in WebkitGTK+, the worst of


which may lead to arbitrary code execution.


 


Background


==========


 


WebKitGTK+ is a full-featured port of the WebKit rendering engine.


 


Description


===========


 


Multiple vulnerabilities have been discovered in WebkitGTK+. Please


review the referenced CVE Identifiers for details.


 


Impact


======


 


An attacker, by enticing a user to visit maliciously crafted web


content, may be able to execute arbitrary code or cause memory


corruption.


 


Workaround


==========


 


There are no known workarounds at this time.


 


Resolution


==========


 


All WebkitGTK+ users should upgrade to the latest version:


 



# emerge --sync



# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.4:4"


 


References


==========


 


[ 1 ] CVE-2017-13856


https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13856


[ 2 ] CVE-2017-13866


https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13866


[ 3 ] CVE-2017-13870


https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13870


[ 4 ] CVE-2017-7156


https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7156


[ 5 ] CVE-2017-7157


https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7157


 


Availability


============


 


This GLSA and any updates to it are available for viewing at


the Gentoo Security Website:


 


https://security.gentoo.org/glsa/201801-09


 


Original Source

Url : http://security.gentoo.org/glsa/glsa-201801-09.xml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 263
Application 1
Os 167
Os 1
Os 49

Nessus® Vulnerability Scanner

Date Description
2018-03-29 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_1ce95bc7327811e8b52700012e582166.nasl - Type : ACT_GATHER_INFO
2018-01-15 Name : The remote Fedora host is missing a security update.
File : fedora_2017-06b373d942.nasl - Type : ACT_GATHER_INFO
2018-01-10 Name : The remote Fedora host is missing a security update.
File : fedora_2017-0ad0e2f390.nasl - Type : ACT_GATHER_INFO
2018-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201801-09.nasl - Type : ACT_GATHER_INFO
2018-01-08 Name : An application installed on the remote host is affected by multiple vulnerabi...
File : itunes_12_7_2.nasl - Type : ACT_GATHER_INFO
2018-01-08 Name : An application installed on the remote host is affected by multiple vulnerabi...
File : itunes_12_7_2_banner.nasl - Type : ACT_GATHER_INFO
2018-01-05 Name : The remote Apple TV device is affected by multiple vulnerabilities.
File : appletv_11_2.nasl - Type : ACT_GATHER_INFO
2018-01-03 Name : A web browser installed on the remote macOS or Mac OS X host is affected by m...
File : macosx_Safari11_0_2.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2018-01-08 05:19:57
  • First insertion