[webkit-gtk] WebKitGTK+ Security Advisory WSA-2017-0005
Carlos Alberto Lopez Perez
clopez at igalia.com
Wed Jun 21 11:18:39 PDT 2017
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0005
------------------------------------------------------------------------
Date reported : June 21, 2017
Advisory ID : WSA-2017-0005
Advisory URL : https://webkitgtk.org/security/WSA-2017-0005.html
CVE identifiers : CVE-2017-2538, CVE-2017-2424.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2017-2538
Versions affected: WebKitGTK+ before 2.16.4.
Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero
Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
CVE-2017-2424
Versions affected: WebKitGTK+ before 2.16.0.
Credit to Paul Thomson (using the GLFuzz tool) of the Multicore
Programming Group, Imperial College London.
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory. Description: An information disclosure
issue existed in the processing of OpenGL shaders. This issue was
addressed through improved memory management.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
June 21, 2017
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://lists.webkit.org/pipermail/webkit-gtk/attachments/20170621/1ff08ea1/attachment.bin>
More information about the webkit-gtk
mailing list