Message-Id: <E1Pukjk-00022e-Hk@titan.mandriva.com>
Date: Wed, 02 Mar 2011 13:01:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:039 ] webkit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:039
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : webkit
 Date    : March 2, 2011
 Affected: 2010.1
 _______________________________________________________________________

 Problem Description:

 Multiple cross-site scripting, denial of service and arbitrary code
 execution security flaws were discovered in webkit.
 
 Please consult the CVE web links for further information.
 
 The updated packages have been upgraded to the latest version (1.2.7)
 to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 141f3cd181b875d1bb40b67a507b6db1  2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm
 054886a3c645b3ce710b9b9daec1d5f9  2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm
 bef556ca3f281f6ef4086292c3b658d2  2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm
 a1ff7ac638646aeb64e3bbdca9bc945d  2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm
 3f40e3ebc62bad67097a9e102e0e79c2  2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm
 50875cf1bc8718cedce1a45dc509b44b  2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm
 625d27780d1cc9edb935d4ac3521ae16  2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 
 8d02c28d8f21a022130be4c49f9d27be  2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 5ce57cd6ab823f8084030033c7c230d7  2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm
 690d8718a97af93f58de3bb2357fbe9b  2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm
 7cc1d4aa77e1901ccc92f27faf85c9ea  2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm
 2b77a77159529c55f64343aba98c15d9  2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm
 475cf83c5ddd8f6809c2c73a1f5a71d1  2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm
 b0f1c76107c3d54241daa7e61bfb29a9  2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm
 97deff5e94a625a79842b4c240b0b00d  2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 
 8d02c28d8f21a022130be4c49f9d27be  2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL
Yv/ButpYAcXsmnJWUG4ayxQ=
=GRM6
-----END PGP SIGNATURE-----
