===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1782
               WebKitGTK+ and WPE WebKit Security Advisory
                               18 June 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           WebKitGTK+
                   WPE WebKit
Publisher:         WebKitGTK+
Operating System:  Linux variants
                   OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-12294 CVE-2018-12293 CVE-2018-11713
                   CVE-2018-11712 CVE-2018-11646 CVE-2018-4233
                   CVE-2018-4232 CVE-2018-4222 CVE-2018-4218
                   CVE-2018-4214 CVE-2018-4201 CVE-2018-4199
                   CVE-2018-4192 CVE-2018-4190

Reference:         ESB-2018.1661
                   ESB-2018.1660
                   ESB-2018.1659
                   ESB-2018.1658
                   ESB-2018.1657
                   ESB-2018.1656

Original Bulletin:
   https://webkitgtk.org/security/WSA-2018-0005.html

--------------------------BEGIN INCLUDED TEXT--------------------

------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory                WSA-2018-0005
------------------------------------------------------------------------

Date reported           : June 13, 2018
Advisory ID             : WSA-2018-0005
WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0005.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0005.html
CVE identifiers         : CVE-2018-4190, CVE-2018-4192, CVE-2018-4199,
                          CVE-2018-4201, CVE-2018-4214, CVE-2018-4218,
                          CVE-2018-4222, CVE-2018-4232, CVE-2018-4233,
                          CVE-2018-11646, CVE-2018-11712, CVE-2018-11713,
                          CVE-2018-12293, CVE-2018-12294.

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.

CVE-2018-4190
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Jun Kokatsu (@shhnjk).
    Impact: Visiting a maliciously crafted website may leak sensitive
    data. Description: Credentials were unexpectedly sent when fetching
    CSS mask images. This was addressed by using a CORS-enabled fetch
    method.

CVE-2018-4192
    Versions affected: WebKitGTK+ before 2.20.1.
    Credit to Markus Gaasedelen, Nick Burnett, and Patrick Biernat of
    Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A race condition was
    addressed with improved locking.

CVE-2018-4199
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of
    MWR Labs working with Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A buffer overflow issue was
    addressed with improved memory handling.

CVE-2018-4201
    Versions affected: WebKitGTK+ before 2.20.1.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4214
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to OSS-Fuzz.
    Impact: Processing maliciously crafted web content may lead to an
    unexpected application crash. Description: A memory corruption issue
    was addressed with improved input validation.

CVE-2018-4218
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Natalie Silvanovich of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4222
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Natalie Silvanovich of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: An out-of-bounds read was
    addressed with improved input validation.

CVE-2018-4232
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Aymeric Chaib.
    Impact: Visiting a maliciously crafted website may lead to cookies
    being overwritten. Description: A permissions issue existed in the
    handling of web browser cookies. This issue was addressed with
    improved restrictions.

CVE-2018-4233
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Samuel Groß (@5aelo) working with Trend Micro's Zero Day
    Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-11646
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to Mishra Dhiraj.
    Maliciously crafted web content could trigger an application crash
    in WebKitFaviconDatabase, caused by mishandling unexpected input.

CVE-2018-11712
    Versions affected: WebKitGTK+ 2.20.0 and 2.20.1.
    Credit to Metrological Group B.V.
    The libsoup network backend of WebKit failed to perform TLS
    certificate verification for WebSocket connections.

CVE-2018-11713
    Versions affected: WebKitGTK+ before 2.20.0 or without libsoup
    2.62.0.
    Credit to Dirkjan Ochtman.
    The libsoup network backend of WebKit unexpectedly failed to use
    system proxy settings for WebSocket connections. As a result, users
    could be deanonymized by crafted web sites via a WebSocket
    connection.

CVE-2018-12293
    Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before
    2.20.1.
    Credit to ADlab of Venustech.
    Maliciously crafted web content could achieve a heap buffer overflow
    in ImageBufferCairo by exploiting multiple integer overflow issues.

CVE-2018-12294
    Versions affected: WebKitGTK+ before 2.20.2.
    Credit to ADlab of Venustech.
    Maliciously crafted web content could trigger a use-after-free of a
    TextureMapperLayer object.

We recommend updating to the latest stable versions of WebKitGTK+ and
WPE WebKit. It is the best way to ensure that you are running a safe
version of WebKit. Please check our websites for information about the
latest stable releases.

Further information about WebKitGTK+ and WPE WebKit security advisories
can be found at https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

The WebKitGTK+ and WPE WebKit team,
June 13, 2018

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
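
Added example (not part of the AusCERT bulletin or the WebKit advisory): a
Python check that maps an installed WebKitGTK+ or WPE WebKit version to the
CVEs listed above, using only the "Versions affected" lines of WSA-2018-0005.
The names parse, FIXED_IN and affected_cves are illustrative, and reading
"without libsoup 2.62.0" as "libsoup older than 2.62.0, or unknown" is an
assumption.

```python
# Added example: thresholds copied from WSA-2018-0005 "Versions affected" lines.
# parse, FIXED_IN and affected_cves are illustrative names, not a WebKit API.

def parse(version):
    """'2.20.1-1ubuntu1' -> (2, 20, 1); distro suffixes are dropped."""
    core = version.split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad '2.20' to (2, 20, 0)

# CVE -> (fixed in WebKitGTK+, fixed in WPE WebKit or None when WPE is not listed)
FIXED_IN = {
    "CVE-2018-4190": ("2.20.3", "2.20.1"),
    "CVE-2018-4192": ("2.20.1", None),
    "CVE-2018-4199": ("2.20.3", "2.20.1"),
    "CVE-2018-4201": ("2.20.1", None),
    "CVE-2018-4214": ("2.20.0", None),
    "CVE-2018-4218": ("2.20.3", "2.20.1"),
    "CVE-2018-4222": ("2.20.3", "2.20.1"),
    "CVE-2018-4232": ("2.20.3", "2.20.1"),
    "CVE-2018-4233": ("2.20.3", "2.20.1"),
    "CVE-2018-11646": ("2.20.3", "2.20.1"),
    "CVE-2018-12293": ("2.20.3", "2.20.1"),
    "CVE-2018-12294": ("2.20.2", None),
}

def affected_cves(product, version, libsoup=None):
    """product is 'webkitgtk' or 'wpe'; libsoup is the libsoup version, if known."""
    v = parse(version)
    col = {"webkitgtk": 0, "wpe": 1}[product]
    hits = [cve for cve, fixed in FIXED_IN.items()
            if fixed[col] is not None and v < parse(fixed[col])]
    if product == "webkitgtk":
        # CVE-2018-11712 is listed for exactly 2.20.0 and 2.20.1, not "before".
        if v in (parse("2.20.0"), parse("2.20.1")):
            hits.append("CVE-2018-11712")
        # CVE-2018-11713: "before 2.20.0 or without libsoup 2.62.0".
        # Assumption: an unknown or older libsoup counts as affected.
        if v < parse("2.20.0") or libsoup is None or parse(libsoup) < parse("2.62.0"):
            hits.append("CVE-2018-11713")
    return sorted(hits)
```

The version string can be taken from the distribution's package manager; a
result of [] means none of the CVEs in this advisory apply to that build.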