------------------------------------------------------------------------
WebKitGTK+ Security Advisory                               WSA-2017-0007
------------------------------------------------------------------------

Date reported      : August 25, 2017
Advisory ID        : WSA-2017-0007
Advisory URL       : https://webkitgtk.org/security/WSA-2017-0007.html
CVE identifiers    : CVE-2017-1000121, CVE-2017-1000122.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2017-1000121
    Versions affected: WebKitGTK+ before 2.16.3.
    Credit to Nathan Crandall.
    Impact: Processing maliciously crafted input may lead to arbitrary
    code execution or application crash. Description: An input
    validation issue on the handling of UNIX IPC messages may allow an
    attacker to trigger an integer overflow. The issue was addressed
    through improved state management.

CVE-2017-1000122
    Versions affected: WebKitGTK+ before 2.16.3.
    Credit to Nathan Crandall.
    Impact: Processing maliciously crafted input may lead to
    application crash. Description: An input validation issue on the
    handling of UNIX IPC messages allows an attacker to trigger an
    application crash. The issue was addressed through improved state
    management.

We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html

The WebKitGTK+ team,
August 25, 2017