[webkit-gtk] WebKitGTK+ Security Advisory WSA-2017-0006
Carlos Alberto Lopez Perez
clopez at igalia.com
Tue Jul 25 05:42:55 PDT 2017
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0006
------------------------------------------------------------------------
Date reported : July 25, 2017
Advisory ID : WSA-2017-0006
Advisory URL : https://webkitgtk.org/security/WSA-2017-0006.html
CVE identifiers : CVE-2017-7006, CVE-2017-7011, CVE-2017-7012,
CVE-2017-7018, CVE-2017-7019, CVE-2017-7020,
CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,
CVE-2017-7038, CVE-2017-7039, CVE-2017-7040,
CVE-2017-7041, CVE-2017-7042, CVE-2017-7043,
CVE-2017-7046, CVE-2017-7048, CVE-2017-7049,
CVE-2017-7052, CVE-2017-7055, CVE-2017-7056,
CVE-2017-7059, CVE-2017-7061, CVE-2017-7064.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2017-7006
Versions affected: WebKitGTK+ before 2.16.2.
Credit to David Kohlbrenner of UC San Diego and an anonymous
researcher.
Impact: A malicious website may exfiltrate data cross-origin.
Description: Processing maliciously crafted web content may allow
cross-origin data to be exfiltrated by using SVG filters to conduct
a timing side-channel attack. This issue was addressed by not
painting the cross-origin buffer into the frame that gets filtered.
CVE-2017-7011
Versions affected: WebKitGTK+ before 2.16.3.
Credit to xisigr of Tencent's Xuanwu Lab (tencent.com).
Impact: Visiting a malicious website may lead to address bar
spoofing.
Description: A state management issue was addressed with improved
frame handling.
CVE-2017-7012
Versions affected: WebKitGTK+ before 2.16.2.
Credit to Apple.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7018
Versions affected: WebKitGTK+ before 2.16.6.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7019
Versions affected: WebKitGTK+ before 2.16.2.
Credit to Zhiyang Zeng of Tencent Security Platform Department.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7020
Versions affected: WebKitGTK+ before 2.16.1.
Credit to likemeng of Baidu Security Lab.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7030
Versions affected: WebKitGTK+ before 2.16.6.
Credit to chenqin of Ant-financial Light-Year Security Lab
(蚂蚁金服巴斯光年安全实验室).
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7034
Versions affected: WebKitGTK+ before 2.16.6.
Credit to chenqin of Ant-financial Light-Year Security Lab
(蚂蚁金服巴斯光年安全实验室).
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7037
Versions affected: WebKitGTK+ before 2.16.6.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7038
Versions affected: WebKitGTK+ before 2.16.2.
Credit to Neil Jenkins of FastMail Pty Ltd, Egor Karbutov
(@ShikariSenpai) of Digital Security and Egor Saltykov
(@ansjdnakjdnajkd) of Digital Security.
Impact: Processing maliciously crafted web content with DOMParser
may lead to cross site scripting.
Description: A logic issue existed in the handling of DOMParser. This
issue was addressed with improved state management.
CVE-2017-7039
Versions affected: WebKitGTK+ before 2.16.6.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7040
Versions affected: WebKitGTK+ before 2.16.3.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7041
Versions affected: WebKitGTK+ before 2.16.2.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7042
Versions affected: WebKitGTK+ before 2.16.2.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7043
Versions affected: WebKitGTK+ before 2.16.2.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7046
Versions affected: WebKitGTK+ before 2.16.6.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7048
Versions affected: WebKitGTK+ before 2.16.6.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7049
Versions affected: WebKitGTK+ before 2.16.2.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-7052
Versions affected: WebKitGTK+ before 2.16.4.
Credit to cc working with Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7055
Versions affected: WebKitGTK+ before 2.16.6.
Credit to The UK's National Cyber Security Centre (NCSC).
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7056
Versions affected: WebKitGTK+ before 2.16.6.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7059
Versions affected: WebKitGTK+ before 2.16.3.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content with DOMParser
may lead to cross site scripting.
Description: A logic issue existed in the handling of DOMParser. This
issue was addressed with improved state management.
CVE-2017-7061
Versions affected: WebKitGTK+ before 2.16.6.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7064
Versions affected: WebKitGTK+ before 2.16.6.
Credit to lokihardt of Google Project Zero.
Impact: An application may be able to read restricted memory.
Description: A memory initialization issue was addressed through
improved memory handling.
We recommend updating to the latest stable version of WebKitGTK+. It
is the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the latest
stable releases.
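Because the advisory fixes different CVEs in different point releases (2.16.1 through 2.16.6), "update to the latest release" is the whole story only if you can actually move to it; if you are pinned to an older 2.16.x, the useful question is which of the 24 CVEs your build still lacks a fix for. The script below is an added example, not code from the WebKitGTK+ project or from this advisory: it parses the advisory's own "Versions affected: WebKitGTK+ before X.Y.Z." lines and compares them against an installed version. The embedded text is an excerpt quoted from the entries above (one per fix release); pass the full advisory text to parse_advisory() for all 24. The pkg-config module name webkit2gtk-4.0 is an assumption about the GTK 3 API of the 2.16 series; other API versions use a different module name.

```python
"""Check an installed WebKitGTK+ version against WSA-2017-0006.

Added example; not part of the advisory or the WebKitGTK+ project.
"""
import re
import subprocess
from typing import Dict, List, Optional, Tuple

# Excerpt quoted from the advisory above, one entry per fix release it names.
# Credit/Impact lines are kept on purpose: the parser must ignore them.
ADVISORY_EXCERPT = """\
CVE-2017-7020
Versions affected: WebKitGTK+ before 2.16.1.
Credit to likemeng of Baidu Security Lab.
CVE-2017-7006
Versions affected: WebKitGTK+ before 2.16.2.
Impact: A malicious website may exfiltrate data cross-origin.
CVE-2017-7011
Versions affected: WebKitGTK+ before 2.16.3.
CVE-2017-7052
Versions affected: WebKitGTK+ before 2.16.4.
CVE-2017-7018
Versions affected: WebKitGTK+ before 2.16.6.
"""

# A CVE entry header is a CVE id alone on its line; the comma-separated
# "CVE identifiers :" list at the top of the advisory does not match.
CVE_RE = re.compile(r"^(CVE-\d{4}-\d{4,})$")
AFFECTED_RE = re.compile(
    r"^Versions affected:\s*WebKitGTK\+ before (\d+(?:\.\d+)*)\.?$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.16.3' (or a distro string such as '2.16.3-1') into a comparable tuple.

    Only the leading dotted-integer part is used; distro revisions are ignored.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def parse_advisory(text: str) -> Dict[str, str]:
    """Map each CVE in the advisory text to the first release that fixes it."""
    fixes: Dict[str, str] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = CVE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = AFFECTED_RE.match(line)
        if m and current:
            fixes[current] = m.group(1)
            current = None  # one "Versions affected" line per entry
    return fixes


def unfixed_cves(installed: str, fixes: Dict[str, str]) -> List[str]:
    """CVEs whose fix landed in a release newer than the installed one.

    "before X" means every version strictly lower than X is affected.
    """
    have = parse_version(installed)
    return sorted(cve for cve, fixed_in in fixes.items()
                  if have < parse_version(fixed_in))


def installed_version(module: str = "webkit2gtk-4.0") -> Optional[str]:
    """Ask pkg-config for the installed version; None if pkg-config or the module is missing."""
    try:
        out = subprocess.run(["pkg-config", "--modversion", module],
                             capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip()


if __name__ == "__main__":
    fixes = parse_advisory(ADVISORY_EXCERPT)
    version = installed_version() or "2.16.3"  # sample version when pkg-config is absent
    missing = unfixed_cves(version, fixes)
    print(f"WebKitGTK+ {version}: {len(missing)} CVE(s) from the excerpt "
          f"still unfixed: {', '.join(missing) or 'none'}")
```

Treat the output as a starting point, not a verdict: the comparison uses the upstream version only, and a distribution may ship a lower upstream version with security fixes backported, in which case its own security tracker, not this advisory, is the authority on what is patched.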
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
July 25, 2017