
Gentoo alert 201612-41 (webkit-gtk)

From:  Aaron Bauman <bman@gentoo.org>
To:  gentoo-announce@lists.gentoo.org
Subject:  [gentoo-announce] [ GLSA 201612-41 ] WebKitGTK+: Multiple vulnerabilities
Date:  Tue, 13 Dec 2016 19:19:05 +0900
Message-ID:  <30d39ed0-a42e-cd63-b739-2c5eed3eaf88@gentoo.org>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201612-41
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: WebKitGTK+: Multiple vulnerabilities
     Date: December 13, 2016
     Bugs: #543650, #570034, #573656, #577068
       ID: 201612-41

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which may allow execution of arbitrary code.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers. It offers
WebKit’s full functionality and is useful in a wide range of systems
from desktop computers to embedded systems like phones, tablets, and
televisions. WebKitGTK+ is made by a lively community of developers and
designers, who hope to bring the web platform to everyone. It’s the
official web engine of the GNOME platform and is used in browsers such
as Epiphany and Midori.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk      < 2.4.10-r200              >= 2.4.10-r200

Description
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker can use multiple vectors to execute arbitrary code or
cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=net-libs/webkit-gtk-2.4.10-r200"

References
==========

[ 1 ] CVE-2014-1748
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748
[ 2 ] CVE-2014-3192
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3192
[ 3 ] CVE-2014-4409
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4409
[ 4 ] CVE-2014-4410
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4410
[ 5 ] CVE-2014-4411
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4411
[ 6 ] CVE-2014-4412
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4412
[ 7 ] CVE-2014-4413
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4413
[ 8 ] CVE-2014-4414
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4414
[ 9 ] CVE-2014-4452
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4452
[ 10 ] CVE-2014-4459
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4459
[ 11 ] CVE-2014-4465
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4465
[ 12 ] CVE-2014-4466
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4466
[ 13 ] CVE-2014-4468
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4468
[ 14 ] CVE-2014-4469
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4469
[ 15 ] CVE-2014-4470
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4470
[ 16 ] CVE-2014-4471
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4471
[ 17 ] CVE-2014-4472
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4472
[ 18 ] CVE-2014-4473
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4473
[ 19 ] CVE-2014-4474
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4474
[ 20 ] CVE-2014-4475
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4475
[ 21 ] CVE-2014-4476
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4476
[ 22 ] CVE-2014-4477
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4477
[ 23 ] CVE-2014-4479
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4479
[ 24 ] CVE-2015-1068
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1068
[ 25 ] CVE-2015-1069
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1069
[ 26 ] CVE-2015-1070
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1070
[ 27 ] CVE-2015-1071
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1071
[ 28 ] CVE-2015-1072
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1072
[ 29 ] CVE-2015-1073
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1073
[ 30 ] CVE-2015-1074
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1074
[ 31 ] CVE-2015-1075
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1075
[ 32 ] CVE-2015-1076
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1076
[ 33 ] CVE-2015-1077
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1077
[ 34 ] CVE-2015-1080
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1080
[ 35 ] CVE-2015-1081
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1081
[ 36 ] CVE-2015-1082
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1082
[ 37 ] CVE-2015-1083
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1083
[ 38 ] CVE-2015-1084
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1084
[ 39 ] CVE-2015-1119
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1119
[ 40 ] CVE-2015-1120
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1120
[ 41 ] CVE-2015-1121
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1121
[ 42 ] CVE-2015-1122
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1122
[ 43 ] CVE-2015-1124
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1124
[ 44 ] CVE-2015-1126
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1126
[ 45 ] CVE-2015-1127
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1127
[ 46 ] CVE-2015-1152
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1152
[ 47 ] CVE-2015-1153
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1153
[ 48 ] CVE-2015-1154
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1154
[ 49 ] CVE-2015-1155
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1155
[ 50 ] CVE-2015-1156
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1156
[ 51 ] CVE-2015-2330
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 52 ] CVE-2015-3658
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3658
[ 53 ] CVE-2015-3659
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3659
[ 54 ] CVE-2015-3660
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3660
[ 55 ] CVE-2015-3727
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3727
[ 56 ] CVE-2015-3730
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3730
[ 57 ] CVE-2015-3731
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3731
[ 58 ] CVE-2015-3732
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3732
[ 59 ] CVE-2015-3733
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3733
[ 60 ] CVE-2015-3734
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3734
[ 61 ] CVE-2015-3735
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3735
[ 62 ] CVE-2015-3736
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3736
[ 63 ] CVE-2015-3737
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3737
[ 64 ] CVE-2015-3738
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3738
[ 65 ] CVE-2015-3739
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3739
[ 66 ] CVE-2015-3740
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3740
[ 67 ] CVE-2015-3741
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3741
[ 68 ] CVE-2015-3742
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3742
[ 69 ] CVE-2015-3743
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3743
[ 70 ] CVE-2015-3744
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3744
[ 71 ] CVE-2015-3745
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3745
[ 72 ] CVE-2015-3746
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3746
[ 73 ] CVE-2015-3747
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3747
[ 74 ] CVE-2015-3748
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3748
[ 75 ] CVE-2015-3749
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3749
[ 76 ] CVE-2015-3750
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3750
[ 77 ] CVE-2015-3751
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3751
[ 78 ] CVE-2015-3752
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3752
[ 79 ] CVE-2015-3753
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3753
[ 80 ] CVE-2015-3754
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3754
[ 81 ] CVE-2015-3755
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3755
[ 82 ] CVE-2015-5788
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5788
[ 83 ] CVE-2015-5789
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5789
[ 84 ] CVE-2015-5790
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5790
[ 85 ] CVE-2015-5791
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5791
[ 86 ] CVE-2015-5792
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5792
[ 87 ] CVE-2015-5793
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5793
[ 88 ] CVE-2015-5794
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5794
[ 89 ] CVE-2015-5795
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5795
[ 90 ] CVE-2015-5797
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5797
[ 91 ] CVE-2015-5798
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5798
[ 92 ] CVE-2015-5799
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5799
[ 93 ] CVE-2015-5800
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5800
[ 94 ] CVE-2015-5801
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5801
[ 95 ] CVE-2015-5802
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5802
[ 96 ] CVE-2015-5803
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5803
[ 97 ] CVE-2015-5804
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5804
[ 98 ] CVE-2015-5805
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5805
[ 99 ] CVE-2015-5806
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5806
[ 100 ] CVE-2015-5807
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5807
[ 101 ] CVE-2015-5809
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5809
[ 102 ] CVE-2015-5810
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5810
[ 103 ] CVE-2015-5811
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5811
[ 104 ] CVE-2015-5812
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5812
[ 105 ] CVE-2015-5813
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5813
[ 106 ] CVE-2015-5814
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5814
[ 107 ] CVE-2015-5815
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5815
[ 108 ] CVE-2015-5816
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5816
[ 109 ] CVE-2015-5817
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5817
[ 110 ] CVE-2015-5818
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5818
[ 111 ] CVE-2015-5819
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5819
[ 112 ] CVE-2015-5822
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5822
[ 113 ] CVE-2015-5823
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5823
[ 114 ] CVE-2015-5825
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5825
[ 115 ] CVE-2015-5826
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5826
[ 116 ] CVE-2015-5827
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5827
[ 117 ] CVE-2015-5828
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5828
[ 118 ] CVE-2015-5928
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5928
[ 119 ] CVE-2015-5929
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5929
[ 120 ] CVE-2015-5930
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5930
[ 121 ] CVE-2015-5931
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5931
[ 122 ] CVE-2015-7002
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7002
[ 123 ] CVE-2015-7012
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7012
[ 124 ] CVE-2015-7013
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7013
[ 125 ] CVE-2015-7014
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7014
[ 126 ] CVE-2015-7048
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7048
[ 127 ] CVE-2015-7095
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7095
[ 128 ] CVE-2015-7096
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 129 ] CVE-2015-7097
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7097
[ 130 ] CVE-2015-7098
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 131 ] CVE-2015-7099
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7099
[ 132 ] CVE-2015-7100
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7100
[ 133 ] CVE-2015-7102
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7102
[ 134 ] CVE-2015-7103
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7103
[ 135 ] CVE-2015-7104
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7104
[ 136 ] CVE-2016-1723
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 137 ] CVE-2016-1724
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 138 ] CVE-2016-1725
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 139 ] CVE-2016-1726
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 140 ] CVE-2016-1727
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 141 ] CVE-2016-1728
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201612-41

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
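
The affected range in the advisory's package table (vulnerable below 2.4.10-r200, unaffected from 2.4.10-r200 on) can be checked mechanically. The script below is an added example, not part of the GLSA or of Gentoo's tooling; the function names `ver_cmp` and `classify` are hypothetical, the sample versions are constructed, and it assumes versions made of dotted numbers with an optional `-rN` revision.

```sh
#!/bin/sh
# Added example, not part of the advisory or of Gentoo's tooling.
# Assumption: versions look like 2.4.10 or 2.4.10-r200 (dotted numbers plus an
# optional -rN revision); any other form (_rc, _p, ...) is reported "unknown".

FIXED="2.4.10-r200"   # first unaffected version, from "Affected packages"

# ver_cmp A B: print lt, eq or gt when A is older than, equal to or newer than B.
ver_cmp() {
    a=$1; b=$2; ra=0; rb=0
    # Split off the revision; a missing revision counts as r0.
    case $a in *-r*) ra=${a##*-r}; a=${a%-r*} ;; esac
    case $b in *-r*) rb=${b##*-r}; b=${b%-r*} ;; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        # Equal so far: the version that runs out of components first is older.
        if [ -z "$a" ]; then echo lt; return; fi
        if [ -z "$b" ]; then echo gt; return; fi
        x=${a%%.*}; y=${b%%.*}
        # Numeric comparison, so 2.10 is newer than 2.4.
        if [ "$x" -lt "$y" ]; then echo lt; return; fi
        if [ "$x" -gt "$y" ]; then echo gt; return; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    if [ "$ra" -lt "$rb" ]; then echo lt; return; fi
    if [ "$ra" -gt "$rb" ]; then echo gt; return; fi
    echo eq
}

# classify VERSION: print vulnerable, unaffected or unknown.
classify() {
    if ! printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+)*(-r[0-9]+)?$'; then
        echo unknown; return
    fi
    if [ "$(ver_cmp "$1" "$FIXED")" = lt ]; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Constructed sample versions; on a real host pass the installed version.
for v in 2.4.9 2.4.10 2.4.10-r199 2.4.10-r200 2.4.11 2.10.1 2.4.10_p1; do
    printf '%-12s %s\n' "$v" "$(classify "$v")"
done
```

A bare `2.4.10` is classified as vulnerable because the fix landed in revision `-r200` of that same upstream version, which a comparison on the dotted part alone would miss.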

