WebKitGTK+ Security Advisory WSA-2017-0010
-
Date Reported: December 19, 2017
-
Advisory ID: WSA-2017-0010
-
CVE identifiers: CVE-2017-7156, CVE-2017-7157, CVE-2017-13856, CVE-2017-13866, CVE-2017-13870.
Several vulnerabilities were discovered in WebKitGTK+.
- CVE-2017-7156
- Versions affected: WebKitGTK+ before 2.18.4.
- Credit to an anonymous researcher.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-7157
- Versions affected: WebKitGTK+ before 2.18.1.
- Credit to an anonymous researcher.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13856
- Versions affected: WebKitGTK+ before 2.18.4.
- Credit to Jeonghoon Shin.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13866
- Versions affected: WebKitGTK+ before 2.18.4.
- Credit to an anonymous researcher.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-13870
- Versions affected: WebKitGTK+ before 2.18.4.
- Credit to an anonymous researcher.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.
Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html