- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201612-41
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: WebKitGTK+: Multiple vulnerabilities
     Date: December 13, 2016
     Bugs: #543650, #570034, #573656, #577068
       ID: 201612-41

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may allow execution of arbitrary code.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers. It offers
WebKit’s full functionality and is useful in a wide range of systems
from desktop computers to embedded systems like phones, tablets, and
televisions. WebKitGTK+ is made by a lively community of developers and
designers, who hope to bring the web platform to everyone. It’s the
official web engine of the GNOME platform and is used in browsers such
as Epiphany and Midori.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk       < 2.4.10-r200           >= 2.4.10-r200 

Description
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker can use multiple vectors to execute arbitrary code or
cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=net-libs/webkit-gtk-2.4.10-r200"
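
The version boundary in the Affected packages table is easy to misjudge with plain string comparison: 2.4.9 and 2.14.2 both land on the wrong side of 2.4.10 when sorted lexically. The shell functions below are an added example, not part of the Gentoo advisory, for classifying versions from an exported package inventory. They assume the simplified form N(.N)*[-rN]; the function names and sample versions are constructed for illustration.

```shell
#!/bin/sh
# Classify a net-libs/webkit-gtk version against GLSA 201612-41
# (vulnerable: < 2.4.10-r200). Added example; names are hypothetical.
# Assumption: dotted integers with an optional -rN revision. Portage
# suffixes such as _p1 or _rc2 are reported as "unknown", not ranked.

FIXED="2.4.10-r200"   # first unaffected version, from the advisory's table

# valid_ver V: succeed only for the simplified form N(.N)*[-rN]
valid_ver() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+)*(-r[0-9]+)?$'
}

# ver_lt A B: succeed if A sorts strictly before B
ver_lt() {
    a_base=${1%-r*}; b_base=${2%-r*}
    a_rev=0; b_rev=0
    case $1 in *-r*) a_rev=${1##*-r} ;; esac
    case $2 in *-r*) b_rev=${2##*-r} ;; esac
    while [ -n "$a_base" ] || [ -n "$b_base" ]; do
        a=${a_base%%.*}; b=${b_base%%.*}
        # A shorter version sorts first, as in Portage (2.4 < 2.4.0).
        [ -n "$a" ] || a=-1
        [ -n "$b" ] || b=-1
        # Numeric, per-component comparison: 14 > 4 and 9 < 10.
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
        case $a_base in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case $b_base in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
    done
    # Same base version: the -rN revision decides (no revision means r0).
    [ "$a_rev" -lt "$b_rev" ]
}

# glsa_status V: print vulnerable, unaffected, or unknown
glsa_status() {
    if ! valid_ver "$1"; then echo unknown
    elif ver_lt "$1" "$FIXED"; then echo vulnerable
    else echo unaffected
    fi
}

# Constructed sample versions (not taken from the advisory).
for v in 2.4.9 2.4.10 2.4.10-r200 2.4.11-r300 2.14.2 2.4.10_p1; do
    printf '%-14s %s\n' "$v" "$(glsa_status "$v")"
done
```

On a live Gentoo system, `glsa-check -t 201612-41` is the authoritative test; the functions above are for version strings collected elsewhere.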

References
==========

[   1 ] CVE-2014-1748
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748
[   2 ] CVE-2014-3192
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3192
[   3 ] CVE-2014-4409
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4409
[   4 ] CVE-2014-4410
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4410
[   5 ] CVE-2014-4411
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4411
[   6 ] CVE-2014-4412
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4412
[   7 ] CVE-2014-4413
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4413
[   8 ] CVE-2014-4414
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4414
[   9 ] CVE-2014-4452
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4452
[  10 ] CVE-2014-4459
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4459
[  11 ] CVE-2014-4465
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4465
[  12 ] CVE-2014-4466
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4466
[  13 ] CVE-2014-4468
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4468
[  14 ] CVE-2014-4469
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4469
[  15 ] CVE-2014-4470
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4470
[  16 ] CVE-2014-4471
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4471
[  17 ] CVE-2014-4472
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4472
[  18 ] CVE-2014-4473
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4473
[  19 ] CVE-2014-4474
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4474
[  20 ] CVE-2014-4475
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4475
[  21 ] CVE-2014-4476
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4476
[  22 ] CVE-2014-4477
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4477
[  23 ] CVE-2014-4479
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4479
[  24 ] CVE-2015-1068
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1068
[  25 ] CVE-2015-1069
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1069
[  26 ] CVE-2015-1070
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1070
[  27 ] CVE-2015-1071
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1071
[  28 ] CVE-2015-1072
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1072
[  29 ] CVE-2015-1073
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1073
[  30 ] CVE-2015-1074
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1074
[  31 ] CVE-2015-1075
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1075
[  32 ] CVE-2015-1076
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1076
[  33 ] CVE-2015-1077
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1077
[  34 ] CVE-2015-1080
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1080
[  35 ] CVE-2015-1081
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1081
[  36 ] CVE-2015-1082
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1082
[  37 ] CVE-2015-1083
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1083
[  38 ] CVE-2015-1084
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1084
[  39 ] CVE-2015-1119
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1119
[  40 ] CVE-2015-1120
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1120
[  41 ] CVE-2015-1121
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1121
[  42 ] CVE-2015-1122
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1122
[  43 ] CVE-2015-1124
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1124
[  44 ] CVE-2015-1126
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1126
[  45 ] CVE-2015-1127
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1127
[  46 ] CVE-2015-1152
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1152
[  47 ] CVE-2015-1153
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1153
[  48 ] CVE-2015-1154
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1154
[  49 ] CVE-2015-1155
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1155
[  50 ] CVE-2015-1156
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1156
[  51 ] CVE-2015-2330
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[  52 ] CVE-2015-3658
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3658
[  53 ] CVE-2015-3659
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3659
[  54 ] CVE-2015-3660
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3660
[  55 ] CVE-2015-3727
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3727
[  56 ] CVE-2015-3730
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3730
[  57 ] CVE-2015-3731
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3731
[  58 ] CVE-2015-3732
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3732
[  59 ] CVE-2015-3733
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3733
[  60 ] CVE-2015-3734
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3734
[  61 ] CVE-2015-3735
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3735
[  62 ] CVE-2015-3736
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3736
[  63 ] CVE-2015-3737
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3737
[  64 ] CVE-2015-3738
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3738
[  65 ] CVE-2015-3739
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3739
[  66 ] CVE-2015-3740
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3740
[  67 ] CVE-2015-3741
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3741
[  68 ] CVE-2015-3742
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3742
[  69 ] CVE-2015-3743
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3743
[  70 ] CVE-2015-3744
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3744
[  71 ] CVE-2015-3745
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3745
[  72 ] CVE-2015-3746
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3746
[  73 ] CVE-2015-3747
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3747
[  74 ] CVE-2015-3748
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3748
[  75 ] CVE-2015-3749
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3749
[  76 ] CVE-2015-3750
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3750
[  77 ] CVE-2015-3751
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3751
[  78 ] CVE-2015-3752
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3752
[  79 ] CVE-2015-3753
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3753
[  80 ] CVE-2015-3754
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3754
[  81 ] CVE-2015-3755
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3755
[  82 ] CVE-2015-5788
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5788
[  83 ] CVE-2015-5789
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5789
[  84 ] CVE-2015-5790
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5790
[  85 ] CVE-2015-5791
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5791
[  86 ] CVE-2015-5792
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5792
[  87 ] CVE-2015-5793
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5793
[  88 ] CVE-2015-5794
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5794
[  89 ] CVE-2015-5795
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5795
[  90 ] CVE-2015-5797
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5797
[  91 ] CVE-2015-5798
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5798
[  92 ] CVE-2015-5799
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5799
[  93 ] CVE-2015-5800
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5800
[  94 ] CVE-2015-5801
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5801
[  95 ] CVE-2015-5802
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5802
[  96 ] CVE-2015-5803
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5803
[  97 ] CVE-2015-5804
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5804
[  98 ] CVE-2015-5805
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5805
[  99 ] CVE-2015-5806
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5806
[ 100 ] CVE-2015-5807
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5807
[ 101 ] CVE-2015-5809
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5809
[ 102 ] CVE-2015-5810
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5810
[ 103 ] CVE-2015-5811
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5811
[ 104 ] CVE-2015-5812
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5812
[ 105 ] CVE-2015-5813
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5813
[ 106 ] CVE-2015-5814
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5814
[ 107 ] CVE-2015-5815
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5815
[ 108 ] CVE-2015-5816
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5816
[ 109 ] CVE-2015-5817
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5817
[ 110 ] CVE-2015-5818
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5818
[ 111 ] CVE-2015-5819
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5819
[ 112 ] CVE-2015-5822
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5822
[ 113 ] CVE-2015-5823
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5823
[ 114 ] CVE-2015-5825
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5825
[ 115 ] CVE-2015-5826
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5826
[ 116 ] CVE-2015-5827
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5827
[ 117 ] CVE-2015-5828
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5828
[ 118 ] CVE-2015-5928
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5928
[ 119 ] CVE-2015-5929
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5929
[ 120 ] CVE-2015-5930
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5930
[ 121 ] CVE-2015-5931
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5931
[ 122 ] CVE-2015-7002
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7002
[ 123 ] CVE-2015-7012
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7012
[ 124 ] CVE-2015-7013
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7013
[ 125 ] CVE-2015-7014
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7014
[ 126 ] CVE-2015-7048
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7048
[ 127 ] CVE-2015-7095
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7095
[ 128 ] CVE-2015-7096
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 129 ] CVE-2015-7097
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7097
[ 130 ] CVE-2015-7098
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 131 ] CVE-2015-7099
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7099
[ 132 ] CVE-2015-7100
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7100
[ 133 ] CVE-2015-7102
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7102
[ 134 ] CVE-2015-7103
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7103
[ 135 ] CVE-2015-7104
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7104
[ 136 ] CVE-2016-1723
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 137 ] CVE-2016-1724
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 138 ] CVE-2016-1725
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 139 ] CVE-2016-1726
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 140 ] CVE-2016-1727
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 141 ] CVE-2016-1728
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201612-41

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
