Joined: 12 May 2004
|Posted: Sun Oct 15, 2017 6:26 am Post subject: [ GLSA 201710-14 ] WebKitGTK+
|Gentoo Linux Security Advisory
Title: WebKitGTK+: Multiple Vulnerabilities (GLSA 201710-14)
Multiple vulnerabilities have been found in WebkitGTK+, the worst
of which may allow remote attackers to execute arbitrary code.
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, offers
Webkit’s full functionality and is used on a wide range of systems.
Vulnerable: < 2.16.6
Unaffected: >= 2.16.6
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the references below for details.
A remote attacker could execute arbitrary code, cause a Denial of
Service condition, bypass intended memory-read restrictions, conduct a
timing side-channel attack to bypass the Same Origin Policy, obtain
sensitive information, or spoof the address bar.
There is no known workaround at this time.
All WebKitGTK+ users should upgrade to the latest version:
Packages which depend on this library may need to be recompiled. Tools
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.6"
such as revdep-rebuild may assist in identifying some of these packages.
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum