Subject: [ASA-201704-9] webkit2gtk: multiple issues

Arch Linux Security Advisory ASA-201704-9
=========================================

Severity: Critical
Date    : 2017-04-28
CVE-ID  : CVE-2016-9642 CVE-2016-9643 CVE-2017-2367 CVE-2017-2376
          CVE-2017-2377 CVE-2017-2386 CVE-2017-2392 CVE-2017-2394
          CVE-2017-2395 CVE-2017-2396 CVE-2017-2405 CVE-2017-2415
          CVE-2017-2419 CVE-2017-2433 CVE-2017-2442 CVE-2017-2445
          CVE-2017-2446 CVE-2017-2447 CVE-2017-2454 CVE-2017-2455
          CVE-2017-2457 CVE-2017-2459 CVE-2017-2460 CVE-2017-2464
          CVE-2017-2465 CVE-2017-2466 CVE-2017-2468 CVE-2017-2469
          CVE-2017-2470 CVE-2017-2471 CVE-2017-2475 CVE-2017-2476
          CVE-2017-2481
Package : webkit2gtk
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-235

Summary
=======

The package webkit2gtk before version 2.16.1-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, content spoofing, cross-site scripting, information disclosure,
same-origin policy bypass and denial of service.

Resolution
==========

Upgrade to 2.16.1-1.

# pacman -Syu "webkit2gtk>=2.16.1-1"

The problems have been fixed upstream in version 2.16.1.

Workaround
==========

None.

Description
===========

- CVE-2016-9642 (denial of service)

JavaScriptCore in WebKitGTK+ before 2.16.0 allows attackers to cause a
denial of service (out-of-bounds heap read) via a crafted JavaScript
file.

- CVE-2016-9643 (denial of service)

The regex code in WebKitGTK+ before 2.14.6 allows remote attackers to
cause a denial of service (memory consumption) as demonstrated in a
large number of ($ (open parenthesis and dollar) followed by {-2,16}
and a large number of +) (plus close parenthesis).

- CVE-2017-2367 (same-origin policy bypass)

An issue has been found in WebKit, allowing remote attackers to bypass
the Same Origin Policy and obtain sensitive information via a crafted
web site.

- CVE-2017-2376 (content spoofing)

An issue has been found in WebKit, allowing remote attackers to spoof
the address bar by leveraging text input during the loading of a page.

- CVE-2017-2377 (denial of service)

This issue involves the “WebKit Web Inspector” component. It allows
attackers to cause a denial of service (memory corruption and
application crash) by leveraging a window-close action during a
debugger-pause state.

- CVE-2017-2386 (same-origin policy bypass)

An issue has been found in WebKit, allowing remote attackers to bypass
the Same Origin Policy and obtain sensitive information via a crafted
web site.

- CVE-2017-2392 (arbitrary code execution)

An issue has been found in WebKit, allowing attackers to execute
arbitrary code or cause a denial of service (memory corruption) via a
crafted app.

- CVE-2017-2394 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2395 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2396 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2405 (arbitrary code execution)

An issue has been found in the “WebKit Web Inspector” component. It
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site.

- CVE-2017-2415 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code by leveraging an unspecified “type confusion”.

- CVE-2017-2419 (access restriction bypass)

An issue has been found in WebKit, allowing remote attackers to bypass
a Content Security Policy protection mechanism via unspecified vectors.

- CVE-2017-2433 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2442 (same-origin policy bypass)

An issue has been found in WebKit, involving the “WebKit JavaScript
Bindings” component. It allows remote attackers to bypass the Same
Origin Policy and obtain sensitive information via a crafted web site.

- CVE-2017-2445 (cross-site scripting)

An issue has been found in WebKit, allowing remote attackers to conduct
Universal XSS (UXSS) attacks via crafted frame objects.

- CVE-2017-2446 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code via a crafted web site that leverages the mishandling of
strict mode functions.

- CVE-2017-2447 (information disclosure)

An issue has been found in WebKit, allowing remote attackers to obtain
sensitive information or cause a denial of service (memory corruption)
via a crafted web site.

- CVE-2017-2454 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2455 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2457 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2459 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2460 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2464 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2465 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2466 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2468 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2469 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2470 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2471 (arbitrary code execution)

A use-after-free vulnerability has been found in WebKit, allowing
remote attackers to execute arbitrary code via a crafted web site.

- CVE-2017-2475 (cross-site scripting)

An issue has been found in WebKit, allowing remote attackers to conduct
Universal XSS (UXSS) attacks via crafted use of frames on a web site.

- CVE-2017-2476 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

- CVE-2017-2481 (arbitrary code execution)

An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

Impact
======

A remote attacker can bypass access restrictions, spoof content, access
sensitive information, cause a crash and execute arbitrary code on the
affected host.

References
==========

https://webkitgtk.org/security/WSA-2017-0003.html
https://security.archlinux.org/CVE-2016-9642
https://security.archlinux.org/CVE-2016-9643
https://security.archlinux.org/CVE-2017-2367
https://security.archlinux.org/CVE-2017-2376
https://security.archlinux.org/CVE-2017-2377
https://security.archlinux.org/CVE-2017-2386
https://security.archlinux.org/CVE-2017-2392
https://security.archlinux.org/CVE-2017-2394
https://security.archlinux.org/CVE-2017-2395
https://security.archlinux.org/CVE-2017-2396
https://security.archlinux.org/CVE-2017-2405
https://security.archlinux.org/CVE-2017-2415
https://security.archlinux.org/CVE-2017-2419
https://security.archlinux.org/CVE-2017-2433
https://security.archlinux.org/CVE-2017-2442
https://security.archlinux.org/CVE-2017-2445
https://security.archlinux.org/CVE-2017-2446
https://security.archlinux.org/CVE-2017-2447
https://security.archlinux.org/CVE-2017-2454
https://security.archlinux.org/CVE-2017-2455
https://security.archlinux.org/CVE-2017-2457
https://security.archlinux.org/CVE-2017-2459
https://security.archlinux.org/CVE-2017-2460
https://security.archlinux.org/CVE-2017-2464
https://security.archlinux.org/CVE-2017-2465
https://security.archlinux.org/CVE-2017-2466
https://security.archlinux.org/CVE-2017-2468
https://security.archlinux.org/CVE-2017-2469
https://security.archlinux.org/CVE-2017-2470
https://security.archlinux.org/CVE-2017-2471
https://security.archlinux.org/CVE-2017-2475
https://security.archlinux.org/CVE-2017-2476
https://security.archlinux.org/CVE-2017-2481
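
A host-side check for the Resolution section above, added here as an example and not part of the advisory: it compares the installed webkit2gtk against the fixed 2.16.1-1, then lists processes that still map a WebKitGTK library replaced on disk and therefore keep running the old code until restarted. The function names and the `--audit` argument are made up for this example; `vercmp` ships with pacman, and the `sort -V` fallback is an approximation that ignores epochs.

```shell
#!/bin/sh
# Added example, not part of ASA-201704-9.
FIXED="2.16.1-1"   # fixed version stated in the advisory

# Return 0 if version $1 is older than $2. Prefers pacman's vercmp;
# the sort -V fallback is an approximation (no epoch handling).
older_than() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# Read /proc/<pid>/maps text on stdin. Return 0 if a WebKitGTK library
# is mapped from a file that was since replaced on disk ("(deleted)").
maps_stale_webkit() {
    grep -Eq '/lib(webkit2gtk|javascriptcoregtk)-[^ ]*\.so[^ ]* \(deleted\)$'
}

# Hypothetical driver: package version first, then running processes.
audit() {
    installed=$(pacman -Q webkit2gtk 2>/dev/null | awk '{print $2}')
    if [ -z "$installed" ]; then
        echo "webkit2gtk is not installed"
        return 0
    fi
    if older_than "$installed" "$FIXED"; then
        echo "VULNERABLE: webkit2gtk $installed is older than $FIXED"
        return 1
    fi
    echo "patched: webkit2gtk $installed"
    # Processes started before the upgrade keep running the old code.
    for dir in /proc/[0-9]*; do
        if [ -r "$dir/maps" ] && maps_stale_webkit < "$dir/maps" 2>/dev/null; then
            echo "restart needed: pid ${dir#/proc/} ($(cat "$dir/comm" 2>/dev/null))"
        fi
    done
}

# Run only on request, so the functions can also be sourced and reused.
if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run it as root with `--audit` so that the maps files of other users' processes are readable; without root it only sees your own processes.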