Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 674702 (CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464, WSA-2018-0009) - <net-libs/webkit-gtk-2.22.5: multiple vulnerabilities (WSA-2018-0009)
Summary: <net-libs/webkit-gtk-2.22.5: multiple vulnerabilities (WSA-2018-0009)
Status: RESOLVED FIXED
Alias: CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464, WSA-2018-0009
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on: CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, CVE-2018-4416, WSA-2018-0008
Blocks:
  Show dependency tree
 
Reported: 2019-01-06 17:15 UTC by GLSAMaker/CVETool Bot
Modified: 2019-03-14 01:38 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-01-06 17:15:19 UTC 
Incoming details.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-01-06 17:19:30 UTC 
CVE-2018-4437
Versions affected: WebKitGTK+ before 2.22.5 and WPE WebKit before 2.22.3.

Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.


CVE-2018-4438
Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1.

Processing maliciously crafted web content may lead to arbitrary code execution. A logic issue existed resulting in memory corruption. This was addressed with improved state management.


CVE-2018-4441
Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1.

Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.


CVE-2018-4442
Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1.

Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.


CVE-2018-4443
Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before 2.22.1.

Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.


CVE-2018-4464
Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.

Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
Comment 2 Mart Raudsepp gentoo-dev 2019-01-14 19:54:23 UTC 
stabling done in dependent bug, cleanup done
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2019-03-07 22:00:19 UTC 
Arches and Maintainer(s), Thank you for your work.
Added to an existing GLSA Request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2019-03-14 01:38:30 UTC 
This issue was resolved and addressed in
 GLSA 201903-12 at https://security.gentoo.org/glsa/201903-12
by GLSA coordinator Aaron Bauman (b-man).