ESB-2018.3636 - [Win][UNIX/Linux] Webkit: Multiple vulnerabilities 2018-11-22

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3636
         WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008
                             22 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           WebKitGTK+
                   WPE WebKit
Publisher:         Webkit
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-4416 CVE-2018-4392 CVE-2018-4386
                   CVE-2018-4382 CVE-2018-4378 CVE-2018-4376
                   CVE-2018-4375 CVE-2018-4373 CVE-2018-4372
                   CVE-2018-4345  

Reference:         ESB-2018.3353.2
                   ESB-2018.3352.2
                   ESB-2018.3048
                   ESB-2018.2859

Original Bulletin: 
   https://webkitgtk.org/security/WSA-2018-0008.html
   https://wpewebkit.org/security/WSA-2018-0008.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- ------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory                WSA-2018-0008
- ------------------------------------------------------------------------

Date reported           : November 21, 2018
Advisory ID             : WSA-2018-0008
WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0008.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0008.html
CVE identifiers         : CVE-2018-4345, CVE-2018-4372, CVE-2018-4373,
                          CVE-2018-4375, CVE-2018-4376, CVE-2018-4378,
                          CVE-2018-4382, CVE-2018-4386, CVE-2018-4392,
                          CVE-2018-4416.

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.

CVE-2018-4345
    Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before
    2.22.1.
    Credit to an anonymous researcher.
    A cross-site scripting issue existed in WebKit. This issue was
    addressed with improved URL validation.

CVE-2018-4372
    Versions affected: WebKitGTK+ before 2.22.4 and WPE WebKit before
    2.22.2.
    Credit to HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST
    Softsec Lab, Korea.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. Multiple memory corruption issues were addressed
    with improved memory handling.

CVE-2018-4373
    Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
    Credit to ngg, alippai, DirtYiCE, KT of Tresorit working with Trend
    Micro=FFs Zero Day Initiative.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. Multiple memory corruption issues were addressed
    with improved memory handling.

CVE-2018-4375
    Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before
    2.22.0.
    Credit to Yu Haiwan and Wu Hongjun From Nanyang Technological
    University working with Trend Micro's Zero Day Initiative.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. Multiple memory corruption issues were addressed
    with improved memory handling.

CVE-2018-4376
    Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before
    2.22.0.
    Credit to 010 working with Trend Micro's Zero Day Initiative.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. Multiple memory corruption issues were addressed
    with improved memory handling.

CVE-2018-4378
    Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before
    2.22.0.
    Credit to an anonymous researcher, zhunki of 360 ESG Codesafe Team.
    Processing maliciously crafted web content may lead to code
    execution. A memory corruption issue was addressed with improved
    validation.

CVE-2018-4382
    Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before
    2.22.0.
    Credit to lokihardt of Google Project Zero.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. Multiple memory corruption issues were addressed
    with improved memory handling.

CVE-2018-4386
    Versions affected: WebKitGTK+ before 2.22.3 and WPE WebKit before
    2.22.1.
    Credit to lokihardt of Google Project Zero.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. Multiple memory corruption issues were addressed
    with improved memory handling.

CVE-2018-4392
    Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before
    2.22.0.
    Credit to zhunki of 360 ESG Codesafe Team.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. Multiple memory corruption issues were addressed
    with improved memory handling.

CVE-2018-4416
    Versions affected: WebKitGTK+ before 2.22.1 and WPE WebKit before
    2.22.0.
    Credit to lokihardt of Google Project Zero.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. Multiple memory corruption issues were addressed
    with improved memory handling.


We recommend updating to the latest stable versions of WebKitGTK+ and
WPE WebKit. It is the best way to ensure that you are running safe
versions of WebKit. Please check our websites for information about the
latest stable releases.

Further information about WebKitGTK+ and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

The WebKitGTK+ and WPE WebKit team,
November 21, 2018

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW/Yn/2aOgq3Tt24GAQjyNA/7BBSy5iYLxmCdSuKwS+3jNuaXDkIkV9Pd
W/JOADxoVLl8xX3glusIzNX5I5EhyrNXY0Qt4AWp7XFzgDuCpJ5/q5mfkYZdVGtl
M+hSifFycxc1uFGFXznSReKPHi/1UnMPkBNrs397WqwjMtNJ5tqAPH705ezlOPmn
9fpoHT0w9bqJ9ZYvLfbI35iSPxnvg0EdJ51RD581W/CileghZ9g2SAQ3sINCCfH2
jHn1yXr2GyLMg14Xze4K5DVGXJTmwUCF8X824dFw1N4wp7cr3wMRz57S5c0HdKq/
gcwPjkdtZAQP2HNX3t+rby0WzSIhxpZoo63W/84pf73jgcTTcp2n76RpztZg05JS
KkKDf2LFd9MHsYhQhaVa6MFbIgsDEykgUBnfnXVQa7mSCEtrDLuT8pB6oPZu//ww
LRs8BkK15NvFyrhTido/lnDJqhUxoblUK02Qk7DOG1bCVZovPBIdDJfRFwG37SqV
4LDUhh+9mwSKRV2AbkmHeqcZdzkkdLZjM0EYX0ZqCebg/WMCsqnCWlkFKrLpIG08
SCMHm29F49NpQIE77hXn7hmKwDNnGbLz8Acjc3/heejitY85IYgbI7H42lGEriEF
qcFvZQdRQiCv2kEx0Nrj9FlPHZJPe87MihA7lcOxt5fPfBAL8K4f+lihhQ3xVQjT
JRkkC7v6lYI=
=Apw0
-----END PGP SIGNATURE-----

« Back to bulletins