[Fwd: [webkit-gtk] WebKitGTK+ Security Advisory WSA-2016-0001]

From: Michael Catanzaro <mcatanzaro gnome org>
To: distributor-list gnome org
Subject: [Fwd: [webkit-gtk] WebKitGTK+ Security Advisory WSA-2016-0001]
Date: Fri, 11 Mar 2016 09:44:33 -0600

--- Begin Message ---

From: Carlos Alberto Lopez Perez <clopez igalia com>
To: webkit-gtk lists webkit org
Cc: oss-security lists openwall com, bugtraq securityfocus com
Subject: [webkit-gtk] WebKitGTK+ Security Advisory WSA-2016-0001
Date: Mon, 01 Feb 2016 18:02:28 +0100

------------------------------------------------------------------------
WebKitGTK+ Security Advisory                               WSA-2016-0001
------------------------------------------------------------------------

Date reported      : February 01, 2016
Advisory ID        : WSA-2016-0001
Advisory URL       : http://webkitgtk.org/security/WSA-2016-0001.html
CVE identifiers    : CVE-2015-7096, CVE-2015-7098.

Several vulnerabilities were discovered on WebKitGTK+.

CVE-2015-7096
    Versions affected: WebKitGTK+ before 2.10.5.
    Credit to Apple.
    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
    9.1 allows remote attackers to execute arbitrary code or cause a
    denial of service (memory corruption and application crash) via a
    crafted web site, a different vulnerability than CVE-2015-7048,
    CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099,
    CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.

CVE-2015-7098
    Versions affected: WebKitGTK+ before 2.10.5.
    Credit to Apple.
    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
    9.1 allows remote attackers to execute arbitrary code or cause a
    denial of service (memory corruption and application crash) via a
    crafted web site, a different vulnerability than CVE-2015-7048,
    CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099,
    CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.


We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html

The WebKitGTK+ team,
February 01, 2016

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
webkit-gtk mailing list
webkit-gtk lists webkit org
https://lists.webkit.org/mailman/listinfo/webkit-gtk

--- End Message ---

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]