[webkit-gtk] WebKitGTK+ Security Advisory WSA-2017-0007
Carlos Alberto Lopez Perez
clopez at igalia.com
Fri Aug 25 09:27:59 PDT 2017
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0007
------------------------------------------------------------------------
Date reported : August 25, 2017
Advisory ID : WSA-2017-0007
Advisory URL : https://webkitgtk.org/security/WSA-2017-0007.html
CVE identifiers : CVE-2017-1000121, CVE-2017-1000122.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2017-1000121
Versions affected: WebKitGTK+ before 2.16.3.
Credit to Nathan Crandall.
Impact: Processing maliciously crafted input may lead to arbitrary
code execution or application crash. Description: An input
validation issue on the handling of UNIX IPC messages may allow an
attacker to trigger an integer overflow. The issue was addressed
through improved state management.
CVE-2017-1000122
Versions affected: WebKitGTK+ before 2.16.3.
Credit to Nathan Crandall.
Impact: Processing maliciously crafted input may lead to application
crash. Description: An input validation issue on the handling of
UNIX IPC messages allows an attacker to trigger an application
crash. The issue was addressed through improved state management.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
August 25, 2017
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://lists.webkit.org/pipermail/webkit-gtk/attachments/20170825/608afc2a/attachment.bin>
More information about the webkit-gtk
mailing list