SCIENTIFIC-LINUX-ERRATA Archives

March 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: webkitgtk on SL6.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Fri, 4 Mar 2011 14:43:01 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (66 lines) 
Synopsis:	Moderate: webkitgtk security update
Issue date:	2011-01-25
CVE Names:	CVE-2010-1780 CVE-2010-1782 CVE-2010-1783
                   CVE-2010-1784 CVE-2010-1785 CVE-2010-1786
                   CVE-2010-1787 CVE-2010-1788 CVE-2010-1790
                   CVE-2010-1792 CVE-2010-1793 CVE-2010-1807
                   CVE-2010-1812 CVE-2010-1814 CVE-2010-1815
                   CVE-2010-3113 CVE-2010-3114 CVE-2010-3115
                   CVE-2010-3116 CVE-2010-3119 CVE-2010-3255
                   CVE-2010-3257 CVE-2010-3259 CVE-2010-3812
                   CVE-2010-3813 CVE-2010-4197 CVE-2010-4198
                   CVE-2010-4204 CVE-2010-4206 CVE-2010-4577

Multiple memory corruption flaws were found in WebKit. Malicious web
content could cause an application using WebKitGTK+ to crash or,
potentially, execute arbitrary code with the privileges of the user 
running the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,
CVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, 
CVE-2010-1792, CVE-2010-1807, CVE-2010-1814, CVE-2010-3114, 
CVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3812, CVE-2010-4198)

Multiple use-after-free flaws were found in WebKit. Malicious web 
content could cause an application using WebKitGTK+ to crash or, 
potentially, execute arbitrary code with the privileges of the user 
running the application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793, 
CVE-2010-1812, CVE-2010-1815, CVE-2010-3113, CVE-2010-3257, 
CVE-2010-4197, CVE-2010-4204)

Two array index errors, leading to out-of-bounds memory reads, were 
found in WebKit. Malicious web content could cause an application using
WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)

A flaw in WebKit could allow malicious web content to trick a user into
thinking they are visiting the site reported by the location bar, when 
the page is actually content controlled by an attacker. (CVE-2010-3115)

It was found that WebKit did not correctly restrict read access to 
images created from the "canvas" element. Malicious web content could 
allow a remote attacker to bypass the same-origin policy and potentially 
access sensitive image data. (CVE-2010-3259)

A flaw was found in the way WebKit handled DNS prefetching. Even when it
was disabled, web content containing certain "link" elements could cause
WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)

All running applications that use WebKitGTK+ must be restarted for this 
update to take effect.

SL 6.x

      SRPMS:
webkitgtk-1.2.6-2.el6_0.src.rpm
      i386:
webkitgtk-1.2.6-2.el6_0.i686.rpm
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm
webkitgtk-doc-1.2.6-2.el6_0.i686.rpm
      x86_64:
webkitgtk-1.2.6-2.el6_0.i686.rpm
webkitgtk-1.2.6-2.el6_0.x86_64.rpm
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm
webkitgtk-devel-1.2.6-2.el6_0.x86_64.rpm
webkitgtk-doc-1.2.6-2.el6_0.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2