AVG-170

Package webkit2gtk
Status Fixed
Severity Critical
Type multiple issues
Affected 2.14.3-1
Fixed 2.14.4-1
Current 2.18.6-1 [extra]
Ticket None
Created Fri Feb 10 14:06:50 2017
Issue Severity Remote Type Description
CVE-2017-2373 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2371 Medium Yes Access restriction bypass
An issue has been found in the handling of blocking popups in WebKitGTK+ before 2.14.4, allowing a malicious website to open popups.
CVE-2017-2369 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2366 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2365 Medium Yes Information disclosure
A validation issue has been found in variable handling in WebKitGTK+ before 2.14.4, leading to cross-origin data exfiltration while processing maliciously...
CVE-2017-2364 Medium Yes Information disclosure
Multiple validation issues have been found in the handling of page loading in WebKitGTK+ before 2.14.4, leading to cross-origin data exfiltration while...
CVE-2017-2363 Medium Yes Information disclosure
Multiple validation issues have been found in the handling of page loading in WebKitGTK+ before 2.14.4, leading to cross-origin data exfiltration while...
CVE-2017-2362 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2356 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2355 Critical Yes Arbitrary code execution
A memory initialization issue has been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2354 Critical Yes Arbitrary code execution
Several memory corruption issues have been found in WebKitGTK+ before 2.14.4, leading to arbitrary code execution while processing maliciously crafted web content.
CVE-2017-2350 Medium Yes Information disclosure
A security issue has been found in WebKitGTK+ before 2.14.4, where processing maliciously crafted web content may exfiltrate data cross-origin.
Date Advisory Package Description
11 Feb 2017 ASA-201702-9 webkit2gtk multiple issues
References
https://webkitgtk.org/security/WSA-2017-0002.html