WebKitGTK+ Security Advisory WSA-2017-0006

• Date Reported: July 25, 2017

• Advisory ID: WSA-2017-0006

• CVE identifiers: CVE-2017-7006, CVE-2017-7011, CVE-2017-7012, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7038, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7059, CVE-2017-7061, CVE-2017-7064.

Several vulnerabilities were discovered in WebKitGTK+.

• CVE-2017-7006
  • Versions affected: WebKitGTK+ before 2.16.2.
  • Credit to David Kohlbrenner of UC San Diego, an anonymous researcher.
  • Impact: A malicious website may exfiltrate data cross-origin. Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered.
• CVE-2017-7011
  • Versions affected: WebKitGTK+ before 2.16.3.
  • Credit to xisigr of Tencent’s Xuanwu Lab (tencent.com).
  • Impact: Visiting a malicious website may lead to address bar spoofing. Description: A state management issue was addressed with improved frame handling.
• CVE-2017-7012
  • Versions affected: WebKitGTK+ before 2.16.2.
  • Credit to Apple.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7018
  • Versions affected: WebKitGTK+ before 2.16.6.
  • Credit to lokihardt of Google Project Zero.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7019
  • Versions affected: WebKitGTK+ before 2.16.2.
  • Credit to Zhiyang Zeng of Tencent Security Platform Department.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7020
  • Versions affected: WebKitGTK+ before 2.16.1.
  • Credit to likemeng of Baidu Security Lab.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7030
  • Versions affected: WebKitGTK+ before 2.16.6.
  • Credit to chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室).
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7034
  • Versions affected: WebKitGTK+ before 2.16.6.
  • Credit to chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室).
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7037
  • Versions affected: WebKitGTK+ before 2.16.6.
  • Credit to lokihardt of Google Project Zero.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7038
  • Versions affected: WebKitGTK+ before 2.16.2.
  • Credit to Neil Jenkins of FastMail Pty Ltd, Egor Karbutov (@ShikariSenpai) of Digital Security and Egor Saltykov (@ansjdnakjdnajkd) of Digital Security.
  • Impact: Processing maliciously crafted web content with DOMParser may lead to cross site scripting. Description: A logic issue existed in the handling of DOMParser. This issue was addressed with improved state management.
• CVE-2017-7039
  • Versions affected: WebKitGTK+ before 2.16.6.
  • Credit to Ivan Fratric of Google Project Zero.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7040
  • Versions affected: WebKitGTK+ before 2.16.3.
  • Credit to Ivan Fratric of Google Project Zero.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7041
  • Versions affected: WebKitGTK+ before 2.16.2.
  • Credit to Ivan Fratric of Google Project Zero.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7042
  • Versions affected: WebKitGTK+ before 2.16.2.
  • Credit to Ivan Fratric of Google Project Zero.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7043
  • Versions affected: WebKitGTK+ before 2.16.2.
  • Credit to Ivan Fratric of Google Project Zero.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7046
  • Versions affected: WebKitGTK+ before 2.16.6.
  • Credit to Ivan Fratric of Google Project Zero.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7048
  • Versions affected: WebKitGTK+ before 2.16.6.
  • Credit to Ivan Fratric of Google Project Zero.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7049
  • Versions affected: WebKitGTK+ before 2.16.2.
  • Credit to Ivan Fratric of Google Project Zero.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed through improved memory handling.
• CVE-2017-7052
  • Versions affected: WebKitGTK+ before 2.16.4.
  • Credit to cc working with Trend Micro’s Zero Day Initiative.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7055
  • Versions affected: WebKitGTK+ before 2.16.6.
  • Credit to The UK’s National Cyber Security Centre (NCSC).
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7056
  • Versions affected: WebKitGTK+ before 2.16.6.
  • Credit to lokihardt of Google Project Zero.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7059
  • Versions affected: WebKitGTK+ before 2.16.3.
  • Credit to an anonymous researcher.
  • Impact: Processing maliciously crafted web content with DOMParser may lead to cross site scripting. Description: A logic issue existed in the handling of DOMParser. This issue was addressed with improved state management.
• CVE-2017-7061
  • Versions affected: WebKitGTK+ before 2.16.6.
  • Credit to lokihardt of Google Project Zero.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
• CVE-2017-7064
  • Versions affected: WebKitGTK+ before 2.16.6.
  • Credit to lokihardt of Google Project Zero.
  • Impact: An application may be able to read restricted memory. Description: A memory initialization issue was addressed through improved memory handling.

We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.

Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html