Lucene search

K
gentooGentoo FoundationGLSA-201801-09
HistoryJan 07, 2018 - 12:00 a.m.

WebkitGTK+: Multiple vulnerabilities

2018-01-0700:00:00
Gentoo Foundation
security.gentoo.org
13

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

78.1%

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine.

Description

Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the referenced CVE Identifiers for details.

Impact

An attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code or cause memory corruption.

Workaround

There are no known workarounds at this time.

Resolution

All WebkitGTK+ users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.4:4"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-libs/webkit-gtk< 2.18.4UNKNOWN

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

78.1%