AVG-235

Package: webkit2gtk
Status: Fixed
Severity: Critical
Type: multiple issues
Affected: 2.14.5-1
Fixed: 2.16.1-1
Current: 2.22.5-1 [extra]
Ticket: None
Created: Fri Apr 7 08:35:30 2017
Issue Severity Remote Type Description
CVE-2017-2481 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2476 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2475 Medium Yes Cross-site scripting
An issue has been found in WebKit, allowing remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site.
CVE-2017-2471 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in WebKit, allowing remote attackers to execute arbitrary code via a crafted web site.
CVE-2017-2470 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2469 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2468 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2466 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2465 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2464 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2460 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2459 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2457 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2455 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2454 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2447 High Yes Information disclosure
An issue has been found in WebKit, allowing remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site.
CVE-2017-2446 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode...
CVE-2017-2445 High Yes Cross-site scripting
An issue has been found in WebKit, allowing remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects.
CVE-2017-2442 High Yes Same-origin policy bypass
An issue has been found in WebKit, involving the “WebKit JavaScript Bindings” component. It allows remote attackers to bypass the Same Origin Policy and...
CVE-2017-2433 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2419 High Yes Access restriction bypass
An issue has been found in WebKit, allowing remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors.
CVE-2017-2415 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code by leveraging an unspecified “type confusion”.
CVE-2017-2405 Critical Yes Arbitrary code execution
An issue has been found in the “WebKit Web Inspector” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory...
CVE-2017-2396 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2395 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2394 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
CVE-2017-2392 Critical Yes Arbitrary code execution
An issue has been found in WebKit, allowing attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-2386 High Yes Same-origin policy bypass
An issue has been found in WebKit, allowing remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
CVE-2017-2377 Medium Yes Denial of service
This issue involves the “WebKit Web Inspector” component. It allows attackers to cause a denial of service (memory corruption and application crash) by...
CVE-2017-2376 High Yes Content spoofing
An issue has been found in WebKit, allowing remote attackers to spoof the address bar by leveraging text input during the loading of a page.
CVE-2017-2367 High Yes Same-origin policy bypass
An issue has been found in WebKit, allowing remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
CVE-2016-9643 Medium Yes Denial of service
The regex code in WebKitGTK+ before 2.14.6 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($...
CVE-2016-9642 Medium Yes Denial of service
JavaScriptCore in WebKitGTK+ before 2.16.0 allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted JavaScript file.
Date Advisory Package Description
28 Apr 2017 ASA-201704-9 webkit2gtk multiple issues
References
https://webkitgtk.org/security/WSA-2017-0003.html