Lucene search

K
gentooGentoo FoundationGLSA-201710-14
HistoryOct 13, 2017 - 12:00 a.m.

WebKitGTK+: Multiple Vulnerabilities

2017-10-1300:00:00
Gentoo Foundation
security.gentoo.org
23

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9

Confidence

Low

EPSS

0.085

Percentile

94.5%

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, offers Webkit’s full functionality and is used on a wide range of systems.

Description

Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the references below for details.

Impact

A remote attacker could execute arbitrary code, cause a Denial of Service condition, bypass intended memory-read restrictions, conduct a timing side-channel attack to bypass the Same Origin Policy, obtain sensitive information, or spoof the address bar.

Workaround

There is no known workaround at this time.

Resolution

All WebKitGTK+ users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.6"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-libs/webkit-gtk< 2.16.6UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9

Confidence

Low

EPSS

0.085

Percentile

94.5%