webkit2gtk: multiple issues

2016-09-01T00:00:00
ID ASA-201609-2
Type archlinux
Reporter Arch Linux
Modified 2016-09-01T00:00:00

Description

  • CVE-2016-4590 (same-origin policy bypass)

xisigr of Tencent’s Xuanwu Lab discovered a vulnerability in the way WebKit handles URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

  • CVE-2016-4591 (arbitrary filesystem access)

ma.la of LINE Corporation discovered a vulnerability in the way WebKit handles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

  • CVE-2016-4622 (arbitrary code execution)

Samuel Gross working with Trend Micro’s Zero Day Initiative discovered a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

  • CVE-2016-4624 (arbitrary code execution)

Apple found a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.