Several vulnerabilities have been discovered in WebKit, a Web content engine
library for GTK+. The Common Vulnerabilities and Exposures project identifies
the following problems:
- CVE-2010-1783
WebKit does not properly handle dynamic modification of a text node, which
allows remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a crafted HTML
document.
- CVE-2010-2901
The rendering implementation in WebKit allows remote attackers to cause a
denial of service (memory corruption) or possibly have unspecified other
impact via unknown vectors.
- CVE-2010-4199
WebKit does not properly perform a cast of an unspecified variable during
processing of an SVG <use> element, which allows remote attackers to cause a
denial of service or possibly have unspecified other impact via a crafted SVG
document.
- CVE-2010-4040
WebKit does not properly handle animated GIF images, which allows remote
attackers to cause a denial of service (memory corruption) or possibly have
unspecified other impact via a crafted image.
- CVE-2010-4492
Use-after-free vulnerability in WebKit allows remote attackers to cause a
denial of service or possibly have unspecified other impact via vectors
involving SVG animations.
- CVE-2010-4493
Use-after-free vulnerability in WebKit allows remote attackers to cause a
denial of service via vectors related to the handling of mouse dragging
events.
- CVE-2010-4577
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in
WebKit does not properly parse Cascading Style Sheets (CSS) token sequences,
which allows remote attackers to cause a denial of service (out-of-bounds
read) via a crafted local font, related to Type Confusion.
- CVE-2010-4578
WebKit does not properly perform cursor handling, which allows remote
attackers to cause a denial of service or possibly have unspecified other
impact via unknown vectors that lead to stale pointers.
- CVE-2011-0482
WebKit does not properly perform a cast of an unspecified variable during
handling of anchors, which allows remote attackers to cause a denial of
service or possibly have unspecified other impact via a crafted HTML
document.
- CVE-2011-0778
WebKit does not properly restrict drag and drop operations, which might
allow remote attackers to bypass the Same Origin Policy via unspecified
vectors.
For the stable distribution (squeeze), these problems have been fixed
in version 1.2.7-0+squeeze1.
For the testing distribution (wheezy), and the unstable distribution (sid),
these problems have been fixed in version 1.2.7-1.
Security support for WebKit has been discontinued for the oldstable
distribution (lenny). The current version in oldstable is not supported by
upstream anymore and is affected by several security issues. Backporting fixes
for these and any future issues has become unfeasible and therefore we need to
drop our security support for the version in oldstable.
We recommend that you upgrade your webkit packages.