[webkit-gtk] WebKitGTK+ Security Advisory WSA-2017-0005

Carlos Alberto Lopez Perez clopez at igalia.com
Wed Jun 21 11:18:39 PDT 2017

WebKitGTK+ Security Advisory                               WSA-2017-0005

Date reported      : June 21, 2017
Advisory ID        : WSA-2017-0005
Advisory URL       : https://webkitgtk.org/security/WSA-2017-0005.html
CVE identifiers    : CVE-2017-2538, CVE-2017-2424.

Several vulnerabilities were discovered in WebKitGTK+.

    Versions affected: WebKitGTK+ before 2.16.4.
    Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero
    Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

    Versions affected: WebKitGTK+ before 2.16.0.
    Credit to Paul Thomson (using the GLFuzz tool) of the Multicore
    Programming Group, Imperial College London.
    Impact: Processing maliciously crafted web content may result in the
    disclosure of process memory. Description: An information disclosure
    issue existed in the processing of OpenGL shaders. This issue was
    addressed through improved memory management.

We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html

The WebKitGTK+ team,
June 21, 2017

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://lists.webkit.org/pipermail/webkit-gtk/attachments/20170621/1ff08ea1/attachment.bin>

More information about the webkit-gtk mailing list