| Summary: | <net-libs/webkit-gtk-2.22.0: multiple vulnerabilities (WSA-2018-0007) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | gnome |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://webkitgtk.org/security/WSA-2018-0007.html | | |
| Whiteboard: | A2 [glsa+ cve] | | |
| Package list: | net-libs/webkit-gtk-2.22.2 | | |
| Runtime testing required: | --- | | |
Description
GLSAMaker/CVETool Bot
2018-10-06 16:39:09 UTC
Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.

- CVE-2018-4207: Unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
- CVE-2018-4208: Unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
- CVE-2018-4209: Unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
- CVE-2018-4210: Unexpected interaction with indexing types caused a failure. An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed with improved checks.
- CVE-2018-4212: Unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
- CVE-2018-4213: Unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
- CVE-2018-4191: Unexpected interaction causes an ASSERT failure. A memory corruption issue was addressed with improved validation.
- CVE-2018-4197: Processing maliciously crafted web content may lead to arbitrary code execution. A use after free issue was addressed with improved memory management.
- CVE-2018-4299: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4306: Processing maliciously crafted web content may lead to arbitrary code execution. A use after free issue was addressed with improved memory management.
- CVE-2018-4309: A malicious website may be able to execute scripts in the context of another website. A cross-site scripting issue existed in WebKit. This issue was addressed with improved URL validation.
- CVE-2018-4311: Cross-origin SecurityErrors include the accessed frame's origin. The issue was addressed by removing origin information.
- CVE-2018-4312: Processing maliciously crafted web content may lead to arbitrary code execution. A use after free issue was addressed with improved memory management.
- CVE-2018-4314: Processing maliciously crafted web content may lead to arbitrary code execution. A use after free issue was addressed with improved memory management.
- CVE-2018-4315: Processing maliciously crafted web content may lead to arbitrary code execution. A use after free issue was addressed with improved memory management.
- CVE-2018-4316: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved state management.
- CVE-2018-4317: Processing maliciously crafted web content may lead to arbitrary code execution. A use after free issue was addressed with improved memory management.
- CVE-2018-4318: Processing maliciously crafted web content may lead to arbitrary code execution. A use after free issue was addressed with improved memory management.
- CVE-2018-4319: A malicious website may cause unexpected cross-origin behavior. A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.
- CVE-2018-4323: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4328: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4358: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4359: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4361: Unexpected interaction causes an ASSERT failure. A memory corruption issue was addressed with improved memory handling.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb1d2ca7ceb1e944daadd50ead344d1ac9db70d1

    commit bb1d2ca7ceb1e944daadd50ead344d1ac9db70d1
    Author:     Mart Raudsepp <leio@gentoo.org>
    AuthorDate: 2018-10-06 17:55:58 +0000
    Commit:     Mart Raudsepp <leio@gentoo.org>
    CommitDate: 2018-10-06 18:31:09 +0000

        net-libs/webkit-gtk: bump to 2.22.2

        Bug: https://bugs.gentoo.org/667892
        Signed-off-by: Mart Raudsepp <leio@gentoo.org>
        Package-Manager: Portage-2.3.49, Repoman-2.3.11

     net-libs/webkit-gtk/Manifest                 |   1 +
     net-libs/webkit-gtk/webkit-gtk-2.22.2.ebuild | 272 +++++++++++++++++++++++++++
     2 files changed, 273 insertions(+)

Delaying CCing arches a bit to figure out what's going on with epiphany-3.30.1 outright crashing with all this for the Youtube MSE fixes in webkit-gtk-2.22.2/gst-plugins-good-1.14.4/epiphany-3.30.1. Help testing the masked epiphany 3.30.1 with youtube is welcome - maybe in other setups it doesn't crash. If there are no updates on this by 9th October, feel free to just CC arches, as worst is that we just end up with yet another webkit-gtk revbump to fix that up.

As-is, because epiphany-3.30.1 is masked, 2.22.2 will work fine, just no higher than 240p/360p resolution youtube.

It crashes with newer epiphany when opusparse gstreamer element doesn't exist. This is a gst-plugins-bad quality element that wasn't ready to move to base pack together with encoder/decoder, and I was told at the time that nothing really should need it - not the case anymore apparently. That said, this is only an issue when experimental MSE support is explicitly enabled by a webkit-gtk using application, and MSE makes mostly sense just in browsers, so pretty much epiphany only.

I will simply keep epiphany not using MSE until opusparse is figured out, and if necessary, add these runtime deps to epiphany only, not webkit-gtk for the time being (to avoid the deps for almost all other webkit-gtk use cases that wouldn't need it, and to not have to stabilize newer gstreamer for this security bug). https://bugs.webkit.org/show_bug.cgi?id=190469 is filed, in case this really shouldn't be hard required.

tl;dr: webkit-gtk security stabilization can proceed fine, as issues are only brought out with package.masked epiphany.

x86 stable

amd64 stable

The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=397750445dd53fee8002275611b56a3cea397a7e

    commit 397750445dd53fee8002275611b56a3cea397a7e
    Author:     Mart Raudsepp <leio@gentoo.org>
    AuthorDate: 2018-10-14 12:04:32 +0000
    Commit:     Mart Raudsepp <leio@gentoo.org>
    CommitDate: 2018-10-14 12:05:35 +0000

        net-libs/webkit-gtk: security cleanup

        Bug: https://bugs.gentoo.org/667892
        Signed-off-by: Mart Raudsepp <leio@gentoo.org>
        Package-Manager: Portage-2.3.49, Repoman-2.3.11

     net-libs/webkit-gtk/Manifest                 |   2 -
     net-libs/webkit-gtk/webkit-gtk-2.20.4.ebuild | 271 ---------------------------
     net-libs/webkit-gtk/webkit-gtk-2.20.5.ebuild | 271 ---------------------------
     3 files changed, 544 deletions(-)

This issue was resolved and addressed in GLSA 201812-04 at https://security.gentoo.org/glsa/201812-04 by GLSA coordinator Aaron Bauman (b-man).
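Added check, not part of the Gentoo bug or of GLSA 201812-04: a POSIX shell snippet that classifies installed net-libs/webkit-gtk versions against the fixed version 2.22.2 named in the package list above (the GLSA's vulnerable range is everything below it). The `qlist -Iv` output it reads is a constructed sample, and the version comparison is a simplification (numeric dotted components plus an optional Gentoo `-rN` revision; `_rc`, `_pre` and similar suffixes are not handled).

```shell
#!/bin/sh
# Added example, not from the Gentoo bug or GLSA 201812-04.
# Classifies installed net-libs/webkit-gtk versions against the fixed version
# 2.22.2: anything older is in the GLSA's vulnerable range.
# Version parsing is a simplification (assumption): numeric dotted components
# plus an optional Gentoo "-rN" revision; suffixes such as _rc or _p are ignored.

FIXED_VERSION=2.22.2

# vercmp A B: prints -1, 0 or 1 as A sorts before, equal to or after B.
vercmp() {
    a=$1
    b=$2
    # Peel off the ebuild revision; a missing revision counts as -r0.
    arev=0; brev=0
    case $a in *-r*) arev=${a##*-r}; a=${a%-r*} ;; esac
    case $b in *-r*) brev=${b##*-r}; b=${b%-r*} ;; esac
    # Compare dotted components numerically, left to right; a missing
    # component counts as 0, so 2.22 and 2.22.0 compare equal.
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac=${a%%.*}; bc=${b%%.*}
        if [ "$ac" = "$a" ]; then a=''; else a=${a#*.}; fi
        if [ "$bc" = "$b" ]; then b=''; else b=${b#*.}; fi
        ac=${ac:-0}; bc=${bc:-0}
        if [ "$ac" -lt "$bc" ]; then printf '%s\n' -1; return 0; fi
        if [ "$ac" -gt "$bc" ]; then printf '%s\n' 1; return 0; fi
    done
    # Same upstream version: the revision decides.
    if [ "$arev" -lt "$brev" ]; then printf '%s\n' -1
    elif [ "$arev" -gt "$brev" ]; then printf '%s\n' 1
    else printf '%s\n' 0
    fi
}

# webkit_gtk_status CPV: CPV is one line as printed by
# `qlist -Iv net-libs/webkit-gtk` (app-portage/portage-utils), e.g.
# "net-libs/webkit-gtk-2.20.5"; prints "vulnerable" or "fixed".
webkit_gtk_status() {
    pv=${1#net-libs/webkit-gtk-}
    if [ "$(vercmp "$pv" "$FIXED_VERSION")" -lt 0 ]; then
        printf 'vulnerable\n'
    else
        printf 'fixed\n'
    fi
}

# Constructed sample standing in for `qlist -Iv net-libs/webkit-gtk` output;
# two entries so both outcomes are exercised.
SAMPLE_QLIST='net-libs/webkit-gtk-2.20.5
net-libs/webkit-gtk-2.22.2'

# report_sample: prints "<cpv>: <status>" for every line of SAMPLE_QLIST.
# On a live Gentoo system, feed it `qlist -Iv net-libs/webkit-gtk` instead.
report_sample() {
    printf '%s\n' "$SAMPLE_QLIST" | while IFS= read -r cpv; do
        printf '%s: %s\n' "$cpv" "$(webkit_gtk_status "$cpv")"
    done
}

report_sample
```

The comparison deliberately treats `-r1` of the fixed version as fixed and an older upstream version with any revision as vulnerable, which matches how Portage orders `<net-libs/webkit-gtk-2.22.2`; for versions carrying `_rc`/`_pre` suffixes, use Portage's own `qatom`/`equery` comparison rather than this simplified routine.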