ArchLinuxASA-201704-9[ASA-201704-9] webkit2gtk: multiple issues
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.238 Low
EPSS
Percentile
96.5%
Arch Linux Security Advisory ASA-201704-9
Severity: Critical
Date : 2017-04-28
CVE-ID : CVE-2016-9642 CVE-2016-9643 CVE-2017-2367 CVE-2017-2376
CVE-2017-2377 CVE-2017-2386 CVE-2017-2392 CVE-2017-2394
CVE-2017-2395 CVE-2017-2396 CVE-2017-2405 CVE-2017-2415
CVE-2017-2419 CVE-2017-2433 CVE-2017-2442 CVE-2017-2445
CVE-2017-2446 CVE-2017-2447 CVE-2017-2454 CVE-2017-2455
CVE-2017-2457 CVE-2017-2459 CVE-2017-2460 CVE-2017-2464
CVE-2017-2465 CVE-2017-2466 CVE-2017-2468 CVE-2017-2469
CVE-2017-2470 CVE-2017-2471 CVE-2017-2475 CVE-2017-2476
CVE-2017-2481
Package : webkit2gtk
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-235
Summary
The package webkit2gtk before version 2.16.1-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, content spoofing, cross-site scripting, information disclosure,
same-origin policy bypass and denial of service.
Resolution
Upgrade to 2.16.1-1.
pacman -Syu “webkit2gtk>=2.16.1-1”
The problems have been fixed upstream in version 2.16.1.
Workaround
None.
Description
- CVE-2016-9642 (denial of service)
JavaScriptCore in WebKitGTK+ before 2.16.0 allows attackers to cause a
denial of service (out-of-bounds heap read) via a crafted Javascript
file.
- CVE-2016-9643 (denial of service)
The regex code in WebKitGTK+ before 2.14.6 allows remote attackers to
cause a denial of service (memory consumption) as demonstrated in a
large number of ($ (open parenthesis and dollar) followed by {-2,16}
and a large number of +) (plus close parenthesis).
- CVE-2017-2367 (same-origin policy bypass)
An issue has been found in WebKit, allowing remote attackers to bypass
the Same Origin Policy and obtain sensitive information via a crafted
web site.
- CVE-2017-2376 (content spoofing)
An issue has been found in WebKit, allowing remote attackers to spoof
the address bar by leveraging text input during the loading of a page.
- CVE-2017-2377 (denial of service)
This issue involves the “WebKit Web Inspector” component. It allows
attackers to cause a denial of service (memory corruption and
application crash) by leveraging a window-close action during a
debugger-pause state.
- CVE-2017-2386 (same-origin policy bypass)
An issue has been found in WebKit, allowing remote attackers to bypass
the Same Origin Policy and obtain sensitive information via a crafted
web site.
- CVE-2017-2392 (arbitrary code execution)
An issue has been found in WebKit, allowing attackers to execute
arbitrary code or cause a denial of service (memory corruption) via a
crafted app.
- CVE-2017-2394 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2395 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2396 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2405 (arbitrary code execution)
An issue has been found in the “WebKit Web Inspector” component. It
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site.
- CVE-2017-2415 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code by leveraging an unspecified “type confusion.”.
- CVE-2017-2419 (access restriction bypass)
An issue has been found in WebKit, allowing remote attackers to bypass
a Content Security Policy protection mechanism via unspecified vectors.
- CVE-2017-2433 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2442 (same-origin policy bypass)
An issue has been found in WebKit, involving the “WebKit JavaScript
Bindings” component. It allows remote attackers to bypass the Same
Origin Policy and obtain sensitive information via a crafted web site.
- CVE-2017-2445 (cross-site scripting)
An issue has been found in WebKit, allowing remote attackers to conduct
Universal XSS (UXSS) attacks via crafted frame objects.
- CVE-2017-2446 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code via a crafted web site that leverages the mishandling of
strict mode functions.
- CVE-2017-2447 (information disclosure)
An issue has been found in WebKit, allowing remote attackers to obtain
sensitive information or cause a denial of service (memory corruption)
via a crafted web site.
- CVE-2017-2454 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2455 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2457 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2459 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2460 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2464 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2465 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2466 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2468 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2469 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2470 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2471 (arbitrary code execution)
A use-after-free vulnerability has been found in WebKit, allowing
remote attackers to execute arbitrary code via a crafted web site.
- CVE-2017-2475 (cross-site scripting)
An issue has been found in WebKit, allowing remote attackers to conduct
Universal XSS (UXSS) attacks via crafted use of frames on a web site.
- CVE-2017-2476 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
- CVE-2017-2481 (arbitrary code execution)
An issue has been found in WebKit, allowing remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Impact
A remote attacker can bypass access restrictions, spoof content, access
sensitive information, cause a crash and execute arbitrary code on the
affected host.
References
https://webkitgtk.org/security/WSA-2017-0003.html
https://security.archlinux.org/CVE-2016-9642
https://security.archlinux.org/CVE-2016-9643
https://security.archlinux.org/CVE-2017-2367
https://security.archlinux.org/CVE-2017-2376
https://security.archlinux.org/CVE-2017-2377
https://security.archlinux.org/CVE-2017-2386
https://security.archlinux.org/CVE-2017-2392
https://security.archlinux.org/CVE-2017-2394
https://security.archlinux.org/CVE-2017-2395
https://security.archlinux.org/CVE-2017-2396
https://security.archlinux.org/CVE-2017-2405
https://security.archlinux.org/CVE-2017-2415
https://security.archlinux.org/CVE-2017-2419
https://security.archlinux.org/CVE-2017-2433
https://security.archlinux.org/CVE-2017-2442
https://security.archlinux.org/CVE-2017-2445
https://security.archlinux.org/CVE-2017-2446
https://security.archlinux.org/CVE-2017-2447
https://security.archlinux.org/CVE-2017-2454
https://security.archlinux.org/CVE-2017-2455
https://security.archlinux.org/CVE-2017-2457
https://security.archlinux.org/CVE-2017-2459
https://security.archlinux.org/CVE-2017-2460
https://security.archlinux.org/CVE-2017-2464
https://security.archlinux.org/CVE-2017-2465
https://security.archlinux.org/CVE-2017-2466
https://security.archlinux.org/CVE-2017-2468
https://security.archlinux.org/CVE-2017-2469
https://security.archlinux.org/CVE-2017-2470
https://security.archlinux.org/CVE-2017-2471
https://security.archlinux.org/CVE-2017-2475
https://security.archlinux.org/CVE-2017-2476
https://security.archlinux.org/CVE-2017-2481
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ArchLinux | any | any | webkit2gtk | < 2.16.1-1 | UNKNOWN |
References
security.archlinux.org/AVG-235
security.archlinux.org/CVE-2016-9642
security.archlinux.org/CVE-2016-9643
security.archlinux.org/CVE-2017-2367
security.archlinux.org/CVE-2017-2376
security.archlinux.org/CVE-2017-2377
security.archlinux.org/CVE-2017-2386
security.archlinux.org/CVE-2017-2392
security.archlinux.org/CVE-2017-2394
security.archlinux.org/CVE-2017-2395
security.archlinux.org/CVE-2017-2396
security.archlinux.org/CVE-2017-2405
security.archlinux.org/CVE-2017-2415
security.archlinux.org/CVE-2017-2419
security.archlinux.org/CVE-2017-2433
security.archlinux.org/CVE-2017-2442
security.archlinux.org/CVE-2017-2445
security.archlinux.org/CVE-2017-2446
security.archlinux.org/CVE-2017-2447
security.archlinux.org/CVE-2017-2454
security.archlinux.org/CVE-2017-2455
security.archlinux.org/CVE-2017-2457
security.archlinux.org/CVE-2017-2459
security.archlinux.org/CVE-2017-2460
security.archlinux.org/CVE-2017-2464
security.archlinux.org/CVE-2017-2465
security.archlinux.org/CVE-2017-2466
security.archlinux.org/CVE-2017-2468
security.archlinux.org/CVE-2017-2469
security.archlinux.org/CVE-2017-2470
security.archlinux.org/CVE-2017-2471
security.archlinux.org/CVE-2017-2475
security.archlinux.org/CVE-2017-2476
security.archlinux.org/CVE-2017-2481
webkitgtk.org/security/WSA-2017-0003.html
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.238 Low
EPSS
Percentile
96.5%