lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1528987730.4808.1@mail.igalia.com>
Date: Thu, 14 Jun 2018 09:48:50 -0500
From: Michael Catanzaro <mcatanzaro@...lia.com>
To: webkit-gtk@...ts.webkit.org, webkit-wpe@...ts.webkit.org
Cc: security@...kit.org, distributor-list@...me.org,
  oss-security@...ts.openwall.com, bugtraq@...urityfocus.com
Subject: WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005

------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory                WSA-2018-0005
------------------------------------------------------------------------

Date reported           : June 13, 2018
Advisory ID             : WSA-2018-0005
WebKitGTK+ Advisory URL : 
https://webkitgtk.org/security/WSA-2018-0005.html
WPE WebKit Advisory URL : 
https://wpewebkit.org/security/WSA-2018-0005.html
CVE identifiers         : CVE-2018-4190, CVE-2018-4192, CVE-2018-4199,
                          CVE-2018-4201, CVE-2018-4214, CVE-2018-4218,
                          CVE-2018-4222, CVE-2018-4232, CVE-2018-4233,
                          CVE-2018-11646, CVE-2018-11712,
                          CVE-2018-11713, CVE-2018-12293,
                          CVE-2018-12294.

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.

CVE-2018-4190
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Jun Kokatsu (@shhnjk).
    Impact: Visiting a maliciously crafted website may leak sensitive
    data. Description: Credentials were unexpectedly sent when fetching
    CSS mask images. This was addressed by using a CORS-enabled fetch
    method.

CVE-2018-4192
    Versions affected: WebKitGTK+ before 2.20.1.
    Credit to Markus Gaasedelen, Nick Burnett, and Patrick Biernat of
    Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A race condition was
    addressed with improved locking.

CVE-2018-4199
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of
    MWR Labs working with Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A buffer overflow issue was
    addressed with improved memory handling.

CVE-2018-4201
    Versions affected: WebKitGTK+ before 2.20.1.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4214
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to OSS-Fuzz.
    Impact: Processing maliciously crafted web content may lead to an
    unexpected application crash. Description: A memory corruption issue
    was addressed with improved input validation.

CVE-2018-4218
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Natalie Silvanovich of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4222
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Natalie Silvanovich of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: An out-of-bounds read was
    addressed with improved input validation.

CVE-2018-4232
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Aymeric Chaib.
    Impact: Visiting a maliciously crafted website may lead to cookies
    being overwritten. Description: A permissions issue existed in the
    handling of web browser cookies. This issue was addressed with
    improved restrictions.

CVE-2018-4233
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Samuel Groß (@5aelo) working with Trend Micro's Zero Day
    Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-11646
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Mishra Dhiraj.
    Maliciously crafted web content could trigger an application crash
    in WebKitFaviconDatabase, caused by mishandling unexpected input.

CVE-2018-11712
    Versions affected: WebKitGTK+ 2.20.0 and 2.20.1.
    Credit to Metrological Group B.V.
    The libsoup network backend of WebKit failed to perform TLS
    certificate verification for WebSocket connections.

CVE-2018-11713
    Versions affected: WebKitGTK+ before 2.20.0 or without libsoup
    2.62.0.
    Credit to Dirkjan Ochtman.
    The libsoup network backend of WebKit unexpectedly failed to use
    system proxy settings for WebSocket connections. As a result, users
    could be deanonymized by crafted web sites via a WebSocket
    connection.

CVE-2018-12293
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to ADlab of Venustech.
    Maliciously crafted web content could achieve a heap buffer overflow
    in ImageBufferCairo by exploiting multiple integer overflow issues.

CVE-2018-12294
    Versions affected: WebKitGTK+ before 2.20.2.
    Credit to ADlab of Venustech.
    Maliciously crafted web content could trigger a use-after-free of a
    TextureMapperLayer object.


We recommend updating to the latest stable versions of WebKitGTK+ and
WPE WebKit. It is the best way to ensure that you are running a safe
version of WebKit. Please check our websites for information about the
latest stable releases.

Further information about WebKitGTK+ and WPE WebKit security advisories
can be found at https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

The WebKitGTK+ and WPE WebKit team,
June 13, 2018

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ