Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#10866 closed enhancement (fixed)

webkitgtk-2.20.5

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: highest Milestone: 8.3
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Douglas R. Reno, 6 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 6 years ago

Summary: webkitgtk-2.20.3webkitgtk-2.20.5

First, some statistics need to be listed.

Security Vulnerabilities that affect us: 23

Vulnerabilities relating to information disclosure: 2

Vulnerabilities relating to arbitrary code execution: 15

Vulnerabilities relating to a crash or denial of service: 5

Vulnerabilities relating to data corruption: 1

Changes in 2.20.3: 

    Fix installation directory of API documentation.
    Disable Gigacage if mmap fails to allocate in Linux.
    Add user agent quirk for paypal website.
    Properly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations.
    Fix a network process crash when trying to get cookies of about:blank page.
    Fix UI process crash when closing the window under Wayland.
    Fix several crashes and rendering issues.
    Security fixes: CVE-2018-4190, CVE-2018-4199, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-4246, CVE-2018-11646.

Security Vulnerabilites for 2.20.3: 


    Date Reported: June 13, 2018

    Advisory ID: WSA-2018-0005

    CVE identifiers: CVE-2018-4190, CVE-2018-4192, CVE-2018-4199, CVE-2018-4201, CVE-2018-4214, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-11646, CVE-2018-11712, CVE-2018-11713, CVE-2018-12293, CVE-2018-12294.

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.

    CVE-2018-4190
        Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
        Credit to Jun Kokatsu (@shhnjk).
        Impact: Visiting a maliciously crafted website may leak sensitive data. Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method.
    CVE-2018-4192
        Versions affected: WebKitGTK+ before 2.20.1.
        Credit to Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro’s Zero Day Initiative.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A race condition was addressed with improved locking.
    CVE-2018-4199
        Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
        Credit to Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro’s Zero Day Initiative.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A buffer overflow issue was addressed with improved memory handling.
    CVE-2018-4201
        Versions affected: WebKitGTK+ before 2.20.1.
        Credit to an anonymous researcher.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
    CVE-2018-4214
        Versions affected: WebKitGTK+ before 2.20.0.
        Credit to OSS-Fuzz.
        Impact: Processing maliciously crafted web content may lead to an unexpected application crash. Description: A memory corruption issue was addressed with improved input validation.
    CVE-2018-4218
        Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
        Credit to Natalie Silvanovich of Google Project Zero.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
    CVE-2018-4222
        Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
        Credit to Natalie Silvanovich of Google Project Zero.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: An out-of-bounds read was addressed with improved input validation.
    CVE-2018-4232
        Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
        Credit to Aymeric Chaib.
        Impact: Visiting a maliciously crafted website may lead to cookies being overwritten. Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
    CVE-2018-4233
        Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
        Credit to Samuel Groß (@5aelo) working with Trend Micro’s Zero Day Initiative.
        Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
    CVE-2018-11646
        Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
        Credit to Mishra Dhiraj.
        Maliciously crafted web content could trigger an application crash in WebKitFaviconDatabase, caused by mishandling unexpected input.
    CVE-2018-11712
        Versions affected: WebKitGTK+ 2.20.0 and 2.20.1.
        Credit to Metrological Group B.V.
        The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections.
    CVE-2018-11713
        Versions affected: WebKitGTK+ before 2.20.0 or without libsoup 2.62.0.
        Credit to Dirkjan Ochtman.
        The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
    CVE-2018-12293
        Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
        Credit to ADlab of Venustech.
        Maliciously crafted web content could achieve a heap buffer overflow in ImageBufferCairo by exploiting multiple integer overflow issues.
    CVE-2018-12294
        Versions affected: WebKitGTK+ before 2.20.2.
        Credit to ADlab of Venustech.
        Maliciously crafted web content could trigger a use-after-free of a TextureMapperLayer object.

Changes in 2.20.4: 

    Fix a crash when leaving accelerated compositing mode.
    Fix non-deterministic build failure due to missing JavaScriptCore/JSContextRef.h.
    Security fixes: CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284.

Security Vulnerability fixes in 2.20.4: 

    Date Reported: August 07, 2018

    Advisory ID: WSA-2018-0006

    CVE identifiers: CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911.

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.

    CVE-2018-4246
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.1.
        Credit to OSS-Fuzz.
        Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling.
    CVE-2018-4261
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to Omair working with Trend Micro’s Zero Day Initiative.
        Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.
    CVE-2018-4262
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to Mateusz Krzywicki working with Trend Micro’s Zero Day Initiative.
        Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.
    CVE-2018-4263
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to Arayz working with Trend Micro’s Zero Day Initiative.
        Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.
    CVE-2018-4264
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light- Year Security Lab.
        Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.
    CVE-2018-4265
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to cc working with Trend Micro’s Zero Day Initiative.
        Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.
    CVE-2018-4266
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to OSS-Fuzz.
        A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation.
    CVE-2018-4267
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to Arayz of Pangu team working with Trend Micro’s Zero Day Initiative.
        Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.
    CVE-2018-4270
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to OSS-Fuzz.
        Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved memory handling.
    CVE-2018-4271
        Versions affected: WebKitGTK+ before 2.20.2.
        Credit to OSS-Fuzz.
        Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation.
    CVE-2018-4272
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to OSS-Fuzz.
        Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.
    CVE-2018-4273
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to OSS-Fuzz.
        Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation.
    CVE-2018-4278
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to Jun Kokatsu (@shhnjk).
        A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
    CVE-2018-4284
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to OSS-Fuzz.
        Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling.
    CVE-2018-12911
        Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2.
        Credit to Yu Haiwan.
        Processing maliciously crafted web content may lead to arbitrary code execution. A buffer overflow issue was addressed with improved memory handling.

Changes in 2.20.5: 

Fix rendering artifacts in some web sites due to a bug introduced in 2.20.4.

I wrote this while it is building. Hopefully done by the end of tonight or Friday AM.

comment:3 by Douglas R. Reno, 6 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r20324

comment:4 by Douglas R. Reno, 6 years ago

Priority: normalhighest

Retroactively promoting to Highest priority for anyone who scans the ticketing system for vulnerabilities. This might be all I have the chance to do today.

Note: See TracTickets for help on using tickets.