
Fedora alert FEDORA-2011-1224 (webkitgtk)

From:  updates@fedoraproject.org
To:  package-announce@lists.fedoraproject.org
Subject:  [SECURITY] Fedora 13 Update: webkitgtk-1.2.7-1.fc13
Date:  Fri, 18 Feb 2011 01:51:56 +0000
Message-ID:  <20110218015156.40EED1109D9@bastion02.phx2.fedoraproject.org>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-1224
2011-02-09 19:50:02
--------------------------------------------------------------------------------

Name        : webkitgtk
Product     : Fedora 13
Version     : 1.2.7
Release     : 1.fc13
URL         : http://www.webkitgtk.org/
Summary     : GTK+ Web content engine library
Description :
WebKitGTK+ is the port of the portable web rendering engine WebKit to the
GTK+ platform.

--------------------------------------------------------------------------------
Update Information:

* Fixes the following CVEs:
  CVE-2010-4492 CVE-2010-4493 CVE-2011-0482 CVE-2010-4199 CVE-2010-4578
  CVE-2010-4040 CVE-2011-0778 CVE-2010-2901 CVE-2010-4042
* Fixes a regression caused by earlier fix for CVE-2010-1791. This caused
  webkitgtk to crash on certain sites with javascript.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 9 2011 Huzaifa Sidhpurwala <huzaifas@redhat.com> - 1.2.7
- Update to 1.2.7
* Tue Jan 25 2011 Huzaifa Sidhpurwala <huzaifas@redhat.com> - 1.2.6-2
- Fix regression from the earlier security fix
- Fixes rhbz #670142
* Tue Jan 4 2011 Huzaifa Sidhpurwala <huzaifas@redhat.com> - 1.2.6-1
- Update to 1.2.6.
- Fixes CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206
- Fixes CVE-2010-1791 CVE-2010-3812 CVE-2010-3813
- Document fix for CVE-2010-3255 CVE-2010-3119
* Mon Oct 4 2010 Kevin Fenzi <kevin@tummy.com> - 1.2.5-1
- Update to 1.2.5.
- Fixes: CVE-2010-3113 CVE-2010-1814 CVE-2010-1812
- Fixes: CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114
- Fixes: CVE-2010-3116 CVE-2010-3257 CVE-2010-3259
* Wed Sep 8 2010 Kevin Fenzi <kevin@tummy.com> - 1.2.4-1
- Update to 1.2.4 which fixes:
- Fixes: CVE-2010-1780 CVE-2010-1782 CVE-2010-1784 CVE-2010-1785
- Fixes: CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790
- Fixes: CVE-2010-1792 CVE-2010-1793 CVE-2010-2648
- Update to 1.2.3 which fixes:
- Fixes: CVE-2010-1386 CVE-2010-1392 CVE-2010-1405 CVE-2010-1407
- Fixes: CVE-2010-1416 CVE-2010-1417 CVE-2010-1665 CVE-2010-1418
- Fixes: CVE-2010-1421 CVE-2010-1422 CVE-2010-1501 CVE-2010-1767
- Fixes: CVE-2010-1664 CVE-2010-1758 CVE-2010-1759 CVE-2010-1760
- Fixes: CVE-2010-1761 CVE-2010-1762 CVE-2010-1770 CVE-2010-1771
- Fixes: CVE-2010-1772 CVE-2010-1773 CVE-2010-1774 CVE-2010-2264
- Fixes bugs: 606303 606304 615728 615729 631583

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #676201 - CVE-2010-4492 WebKit: Use-after-free vulnerability in SVG animations
        https://bugzilla.redhat.com/show_bug.cgi?id=676201
  [ 2 ] Bug #676202 - CVE-2010-4493 WebKit: Use-after-free vulnerability related to handling of mouse dragging events.
        https://bugzilla.redhat.com/show_bug.cgi?id=676202
  [ 3 ] Bug #676203 - CVE-2011-0482 WebKit: Bad cast during handling of anchors causes crash via crafted HTML documents
        https://bugzilla.redhat.com/show_bug.cgi?id=676203
  [ 4 ] Bug #656122 - CVE-2010-4199 WebKit: Improper cast of an unspecified variable during processing of an SVG use element
        https://bugzilla.redhat.com/show_bug.cgi?id=656122
  [ 5 ] Bug #676207 - CVE-2010-4578 WebKit: Stale SVG pointer in Cursors DOM
        https://bugzilla.redhat.com/show_bug.cgi?id=676207
  [ 6 ] Bug #657101 - CVE-2010-4040 WebKit: crafted animated GIF image could cause DoS (memory corruption)
        https://bugzilla.redhat.com/show_bug.cgi?id=657101
  [ 7 ] Bug #676209 - CVE-2011-0778 WebKit: restrict cross-origin drag+drop in WebKit
        https://bugzilla.redhat.com/show_bug.cgi?id=676209
  [ 8 ] Bug #676210 - CVE-2010-2901 WebKit: Memory corruption with crash in RenderObject::containingBlock()
        https://bugzilla.redhat.com/show_bug.cgi?id=676210
  [ 9 ] Bug #676212 - CVE-2010-4042 WebKit: Stale elements in an element map causes webkit to crash
        https://bugzilla.redhat.com/show_bug.cgi?id=676212

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update webkitgtk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...


