
Bug 674702 (CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464, WSA-2018-0009)

Summary: <net-libs/webkit-gtk-2.22.5: multiple vulnerabilities (WSA-2018-0009)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: gnome
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://webkitgtk.org/security/WSA-2018-0009.html
Whiteboard: A2 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 672108    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2019-01-06 17:15:19 UTC
Incoming details.
Comment 1 Thomas Deutschmann gentoo-dev Security 2019-01-06 17:19:30 UTC
CVE-2018-4437
Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3.

Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.


CVE-2018-4438
Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1.

Processing maliciously crafted web content may lead to arbitrary code execution. A logic issue existed resulting in memory corruption. This was addressed with improved state management.


CVE-2018-4441
Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1.

Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.


CVE-2018-4442
Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1.

Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.


CVE-2018-4443
Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1.

Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.


CVE-2018-4464
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.

Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
Comment 2 Mart Raudsepp gentoo-dev 2019-01-14 19:54:23 UTC
stabling done in dependent bug, cleanup done
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2019-03-07 22:00:19 UTC
Arches and Maintainer(s), Thank you for your work.
Added to an existing GLSA Request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2019-03-14 01:38:30 UTC
This issue was resolved and addressed in
 GLSA 201903-12 at https://security.gentoo.org/glsa/201903-12
by GLSA coordinator Aaron Bauman (b-man).