------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2017-0005 ------------------------------------------------------------------------ Date reported : June 21, 2017 Advisory ID : WSA-2017-0005 Advisory URL : https://webkitgtk.org/security/WSA-2017-0005.html CVE identifiers : CVE-2017-2538, CVE-2017-2424. Several vulnerabilities were discovered in WebKitGTK+. CVE-2017-2538 Versions affected: WebKitGTK+ before 2.16.4. Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-2424 Versions affected: WebKitGTK+ before 2.16.0. Credit to Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London. Impact: Processing maliciously crafted web content may result in the disclosure of process memory. Description: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, June 21, 2017
Attachment:
signature.asc
Description: OpenPGP digital signature