Bug 350598 (CVE-2010-1791) - <net-libs/webkit-gtk-1.2.6: Multiple vulnerabilities (CVE-2010-{1791,3812,3813,4197,4198,4204,4206})
Status: RESOLVED FIXED
Alias: CVE-2010-1791
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on: 351284 351561
Blocks:
Reported: 2011-01-04 21:56 UTC by Pacho Ramos
Modified: 2014-12-12 00:36 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
(SPARC) emerge --info =net-libs/webkit-gtk-1.2.6 (text/plain, 4.26 KB) - 2011-01-13 00:01 UTC, Alex Buell
(SPARC) emerge -pqv =net-libs/webkit-gtk-1.2.6' (text/plain, 330 bytes) - 2011-01-13 00:02 UTC, Alex Buell
(SPARC) /var/tmp/portage/net-libs/webkit-gtk-1.2.6/temp/build.log (text/plain, 4.97 KB) - 2011-01-13 00:03 UTC, Alex Buell
(SPARC) /var/tmp/portage/net-libs/webkit-gtk-1.2.6/temp/environment (text/plain, 120.96 KB) - 2011-01-13 00:03 UTC, Alex Buell

Description Pacho Ramos gentoo-dev 2011-01-04 21:56:21 UTC
+*webkit-gtk-1.2.6 (04 Jan 2011)
+
+  04 Jan 2011; Pacho Ramos <pacho@gentoo.org>
+  -files/webkit-gtk-1.1.15.2-unaligned.patch, -webkit-gtk-1.1.15.4.ebuild,
+  -files/webkit-gtk-1.1.15.4-darwin-quartz.patch,
+  -files/webkit-gtk-1.1.15.4-icu44.patch, +webkit-gtk-1.2.6.ebuild,
+  metadata.xml:
+  Version bump: Fixes crashes with newer libpng (>= 1.4), security fixes
+  CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206 CVE-2010-1791
+  CVE-2010-3812 CVE-2010-3813. Also makes JIT support optional as it causes
+  problems with hardened (bug #338213). Remove old.
+


Reproducible: Always
Comment 1 Pacho Ramos gentoo-dev 2011-01-04 21:56:44 UTC
webkit-gtk-1.2.6 just committed, looks to work ok for me (under Gnome 2.32)
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-01-04 22:20:39 UTC
(In reply to comment #1)
> webkit-gtk-1.2.6 just committed, looks to work ok for me (under Gnome 2.32)
> 

Thanks, Pacho. We're still stabilizing =net-libs/webkit-gtk-1.2.5 in bug 281819; can we stabilize this instead?

<--

CVE-2010-1791, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1791
Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.

CVE-2010-3812, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3812
Integer overflow in the wholeText method in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.

CVE-2010-3813, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3813
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to bypass the DNS prefetching setting via an HTML LINK element, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.

CVE-2010-4197, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4197 
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.

CVE-2010-4198, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4198
Google Chrome before 7.0.517.44 does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.

CVE-2010-4204, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4204
Google Chrome before 7.0.517.44 accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2010-4206, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4206
Google Chrome before 7.0.517.44 accesses memory at an out-of-bounds array index during processing of an SVG document, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
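The affected range in this bug's summary is the Portage atom <net-libs/webkit-gtk-1.2.6, and deciding whether an installed version falls inside it requires the PMS version ordering (numeric components, trailing letter, _alpha/_beta/_pre/_rc/_p suffixes, -rN revision), not a plain string or float comparison. The following is an added example and not code from this bug or from Portage (which ships portage.versions.vercmp and portage.dep for the real thing); the function names, the sample installed versions and the qlist hint in the main block are this example's own assumptions, while the atom and CVE list are the ones stated in this bug.

```python
import re

# Added example, not code from this bug or from Gentoo's Portage.  It
# implements the PMS (section 3.3) version ordering for the version shapes
# seen on this bug: dotted numeric components, an optional trailing letter,
# _alpha/_beta/_pre/_rc/_p suffixes and a -rN revision.

SUFFIX_RANK = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, "": 4, "p": 5}

VERSION_RE = re.compile(
    r"^(?P<nums>\d+(?:\.\d+)*)(?P<letter>[a-z])?"
    r"(?P<suffixes>(?:_(?:alpha|beta|pre|rc|p)\d*)*)(?:-r(?P<rev>\d+))?$"
)
ATOM_RE = re.compile(
    r"^(?P<op><=|>=|<|>|=)(?P<cp>[A-Za-z0-9+_.-]+/[A-Za-z0-9+_-]+?)-(?P<ver>\d.*)$"
)
CPV_RE = re.compile(r"^(?P<cp>[A-Za-z0-9+_.-]+/[A-Za-z0-9+_-]+?)-(?P<ver>\d.*)$")


def _cmp(a, b):
    return (a > b) - (a < b)


def parse_version(ver):
    """Split a Gentoo version into (numeric parts, letter, suffixes, revision)."""
    m = VERSION_RE.match(ver)
    if not m:
        raise ValueError("not a PMS version: %r" % ver)
    nums = m.group("nums").split(".")
    letter = m.group("letter") or ""
    suffixes = [(SUFFIX_RANK[name], int(num or 0))
                for name, num in re.findall(r"_([a-z]+)(\d*)", m.group("suffixes"))]
    return nums, letter, suffixes, int(m.group("rev") or 0)


def cmp_version(a, b):
    """Return -1, 0 or 1 ordering two Gentoo versions per PMS."""
    na, la, sa, ra = parse_version(a)
    nb, lb, sb, rb = parse_version(b)
    # The first numeric component is always compared as an integer.
    c = _cmp(int(na[0]), int(nb[0]))
    if c:
        return c
    # Later components: a leading zero forces a string comparison with
    # trailing zeros stripped (1.01 < 1.1); otherwise integers (1.1 < 1.10).
    for x, y in zip(na[1:], nb[1:]):
        if x.startswith("0") or y.startswith("0"):
            c = _cmp(x.rstrip("0"), y.rstrip("0"))
        else:
            c = _cmp(int(x), int(y))
        if c:
            return c
    c = _cmp(len(na), len(nb))  # 1.2.6 > 1.2
    if c:
        return c
    c = _cmp(la, lb)  # 1.2.6a > 1.2.6
    if c:
        return c
    # A missing suffix ranks between _rc and _p: 1.2.6_rc1 < 1.2.6 < 1.2.6_p1.
    pad = (SUFFIX_RANK[""], 0)
    n = max(len(sa), len(sb))
    for x, y in zip(sa + [pad] * (n - len(sa)), sb + [pad] * (n - len(sb))):
        c = _cmp(x, y)
        if c:
            return c
    return _cmp(ra, rb)


def atom_matches(atom, cpv):
    """True if an installed category/package-version satisfies a versioned atom."""
    am = ATOM_RE.match(atom)
    pm = CPV_RE.match(cpv)
    if not am or not pm:
        raise ValueError("cannot parse %r / %r" % (atom, cpv))
    if am.group("cp") != pm.group("cp"):
        return False
    c = cmp_version(pm.group("ver"), am.group("ver"))
    return {"<": c < 0, "<=": c <= 0, "=": c == 0, ">=": c >= 0, ">": c > 0}[am.group("op")]


# The affected range and CVE list exactly as this bug's summary states them.
AFFECTED_ATOM = "<net-libs/webkit-gtk-1.2.6"
CVES = ("CVE-2010-1791", "CVE-2010-3812", "CVE-2010-3813", "CVE-2010-4197",
        "CVE-2010-4198", "CVE-2010-4204", "CVE-2010-4206")


def unfixed_cves(installed_cpv):
    """CVEs from this bug that an installed webkit-gtk is still exposed to."""
    return list(CVES) if atom_matches(AFFECTED_ATOM, installed_cpv) else []


if __name__ == "__main__":
    # Constructed sample inputs, of the shape `qlist -Iv net-libs/webkit-gtk` prints.
    for cpv in ("net-libs/webkit-gtk-1.2.5", "net-libs/webkit-gtk-1.2.6",
                "net-libs/webkit-gtk-1.1.15.4"):
        print(cpv, unfixed_cves(cpv) or "fixed")
```

Note that a revision bump of the old version (1.2.5-r1, say) still sorts below 1.2.6 and is reported as affected, which is the behaviour the atom intends: the fix lives in the 1.2.6 ebuild, not in a revision of 1.2.5.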
Comment 3 Pacho Ramos gentoo-dev 2011-01-04 22:24:12 UTC
I would stabilize this but, since I have only tested this a bit with epiphany (as I use chromium mainly), I would wait a bit for other GNOME team members' opinions.
Comment 4 Pacho Ramos gentoo-dev 2011-01-09 19:15:07 UTC
(In reply to comment #2)
> (In reply to comment #1)
> > webkit-gtk-1.2.6 just committed, looks to work ok for me (under Gnome 2.32)
> > 
> 
> Thanks, Pacho. We're still stabilizing =net-libs/webkit-gtk-1.2.5 in bug
> 281819; can we stabilize this instead?
> 

I would say "go ahead" ;-)
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-01-10 05:46:33 UTC
(In reply to comment #4)
>
> I would say "go ahead" ;-)
> 

Great, thank you.

Arches, please test and mark stable:
=net-libs/webkit-gtk-1.2.6
Target keywords : "alpha amd64 arm ia64 ppc sparc x86"
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2011-01-10 10:31:37 UTC
amd64 done
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-10 13:07:30 UTC
x86 stable
Comment 8 Alex Buell 2011-01-10 22:57:22 UTC
I am unable to build and test webkit-gtk-1.2.6 on SPARC: 

(...)
checking for style of include used by make... GNU
checking for sparc-unknown-linux-gnu-gcc... sparc-unknown-linux-gnu-gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... configure: error: in `/var/tmp/portage/net-libs/webkit-gtk-1.2.6/work/webkit-1.2.6':
configure: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.
See `config.log' for more details.

!!! Please attach the following file when seeking support:
!!! /var/tmp/portage/net-libs/webkit-gtk-1.2.6/work/webkit-1.2.6/config.log
 * ERROR: net-libs/webkit-gtk-1.2.6 failed:
 *   econf failed
 * 
 * Call stack:
 *     ebuild.sh, line   56:  Called src_configure
 *   environment, line 3269:  Called econf '--disable-introspection' '--disable-web_sockets' '--disable-coverage' '--disable-debug' '--enable-video' '--disable-introspection' '--enable-jit'
 *     ebuild.sh, line  552:  Called die
 * The specific snippet of code:
 *                      die "econf failed"
 * 
 * If you need support, post the output of 'emerge --info =net-libs/webkit-gtk-1.2.6',
 * the complete build log and the output of 'emerge -pqv =net-libs/webkit-gtk-1.2.6'.
 * The complete build log is located at '/var/tmp/portage/net-libs/webkit-gtk-1.2.6/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/net-libs/webkit-gtk-1.2.6/temp/environment'.
 * S: '/var/tmp/portage/net-libs/webkit-gtk-1.2.6/work/webkit-1.2.6'

>>> Failed to emerge net-libs/webkit-gtk-1.2.6, Log file:

Would you like me to add the logs to this report or file a new bug report?
Fortunately webkit-gtk-1.2.5 is OK on SPARC.
Comment 9 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-01-11 19:43:06 UTC
ppc stable
Comment 10 Alex Buell 2011-01-13 00:01:57 UTC
Created attachment 259664 [details]
(SPARC) emerge --info =net-libs/webkit-gtk-1.2.6
Comment 11 Alex Buell 2011-01-13 00:02:20 UTC
Created attachment 259666 [details]
(SPARC) emerge -pqv =net-libs/webkit-gtk-1.2.6'
Comment 12 Alex Buell 2011-01-13 00:03:08 UTC
Created attachment 259668 [details]
(SPARC) /var/tmp/portage/net-libs/webkit-gtk-1.2.6/temp/build.log
Comment 13 Alex Buell 2011-01-13 00:03:34 UTC
Created attachment 259670 [details]
(SPARC) /var/tmp/portage/net-libs/webkit-gtk-1.2.6/temp/environment
Comment 14 Gilles Dartiguelongue (RETIRED) gentoo-dev 2011-01-13 00:20:30 UTC
@Alex, this is not how you should handle bug reports wrt current stabilization, see what amd64 team did, open a new bug and make it block this one. Otherwise this bug will get bloated with problems unrelated to security issues.
Comment 15 Alex Buell 2011-01-13 00:42:38 UTC
(In reply to comment #14)
> @Alex, this is not how you should handle bug reports wrt current stabilization,
> see what amd64 team did, open a new bug and make it block this one. Otherwise
> this bug will get bloated with problems unrelated to security issues.

OK, next time I shall do so. Sorry about this, folks. 
Comment 16 Alex Buell 2011-01-13 14:44:14 UTC
Please add bug 351561 to the bug dependency. 
Comment 17 Markus Meier gentoo-dev 2011-01-15 12:11:12 UTC
arm stable
Comment 18 Raúl Porcel (RETIRED) gentoo-dev 2011-01-23 14:41:30 UTC
alpha/ia64/sparc stable
Comment 19 Tim Sammut (RETIRED) gentoo-dev 2011-02-07 05:26:56 UTC
Added to existing GLSA request.
Comment 20 GLSAMaker/CVETool Bot gentoo-dev 2014-12-12 00:36:23 UTC
This issue was resolved and addressed in
 GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml
by GLSA coordinator Sean Amoss (ackle).