lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <1525704784.21704.0@mail.igalia.com> Date: Mon, 07 May 2018 09:53:04 -0500 From: Michael Catanzaro <mcatanzaro@...lia.com> To: webkit-gtk@...ts.webkit.org Cc: security@...kit.org, distributor-list@...me.org, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com Subject: WebKitGTK+ Security Advisory WSA-2018-0004 ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2018-0004 ------------------------------------------------------------------------ Date reported : May 07, 2018 Advisory ID : WSA-2018-0004 Advisory URL : https://webkitgtk.org/security/WSA-2018-0004.html CVE identifiers : CVE-2018-4121, CVE-2018-4200, CVE-2018-4204. Several vulnerabilities were discovered in WebKitGTK+. CVE-2018-4121 Versions affected: WebKitGTK+ before 2.20.0. Credit to Natalie Silvanovich of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4200 Versions affected: WebKitGTK+ before 2.20.2. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. CVE-2018-4204 Versions affected: WebKitGTK+ before 2.20.1. Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative, found by OSS-Fuzz. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved memory handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, May 07, 2018
Powered by blists - more mailing lists