Synopsis: Moderate: webkitgtk security update
Issue date: 2011-01-25
CVE Names: CVE-2010-1780 CVE-2010-1782 CVE-2010-1783
CVE-2010-1784 CVE-2010-1785 CVE-2010-1786
CVE-2010-1787 CVE-2010-1788 CVE-2010-1790
CVE-2010-1792 CVE-2010-1793 CVE-2010-1807
CVE-2010-1812 CVE-2010-1814 CVE-2010-1815
CVE-2010-3113 CVE-2010-3114 CVE-2010-3115
CVE-2010-3116 CVE-2010-3119 CVE-2010-3255
CVE-2010-3257 CVE-2010-3259 CVE-2010-3812
CVE-2010-3813 CVE-2010-4197 CVE-2010-4198
CVE-2010-4204 CVE-2010-4206 CVE-2010-4577
Multiple memory corruption flaws were found in WebKit. Malicious web
content could cause an application using WebKitGTK+ to crash or,
potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,
CVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790,
CVE-2010-1792, CVE-2010-1807, CVE-2010-1814, CVE-2010-3114,
CVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3812, CVE-2010-4198)
Multiple use-after-free flaws were found in WebKit. Malicious web
content could cause an application using WebKitGTK+ to crash or,
potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793,
CVE-2010-1812, CVE-2010-1815, CVE-2010-3113, CVE-2010-3257,
CVE-2010-4197, CVE-2010-4204)
Two array index errors, leading to out-of-bounds memory reads, were
found in WebKit. Malicious web content could cause an application using
WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)
A flaw in WebKit could allow malicious web content to trick a user into
thinking they are visiting the site reported by the location bar, when
the page is actually content controlled by an attacker. (CVE-2010-3115)
It was found that WebKit did not correctly restrict read access to
images created from the "canvas" element. Malicious web content could
allow a remote attacker to bypass the same-origin policy and potentially
access sensitive image data. (CVE-2010-3259)
A flaw was found in the way WebKit handled DNS prefetching. Even when it
was disabled, web content containing certain "link" elements could cause
WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)
All running applications that use WebKitGTK+ must be restarted for this
update to take effect.
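One way to find the applications that still need that restart, as an added example that is not part of the original advisory: it lists processes whose memory map still references a WebKit library file that was replaced on disk. It assumes the shared object's file name contains "libwebkit" and that the update replaced the file, so old mappings carry the "(deleted)" suffix in /proc/PID/maps; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list processes still running a pre-update WebKitGTK+ library.
# Assumption: the library's file name contains "libwebkit".

# Succeeds if the maps text on stdin contains a mapping of a libwebkit
# shared object whose backing file has been unlinked (replaced by the update).
has_stale_webkit() {
    grep -Eq '/[^ ]*libwebkit[^/]*\.so[^/]* \(deleted\)$'
}

# Print "PID NAME" for every process under the given proc root (default
# /proc) that still maps the old library. Unreadable entries are skipped,
# so run as root to cover all users' processes.
stale_webkit_procs() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if 2>/dev/null has_stale_webkit < "$maps"; then
            dir=${maps%/maps}
            pid=${dir##*/}
            # The Name: field of the status file holds the short command name.
            name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null)
            printf '%s %s\n' "$pid" "${name:-?}"
        fi
    done
}

stale_webkit_procs "$@"
```

Any process it prints was started before the update and is still executing the old code until it is restarted.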
SL 6.x
SRPMS:
webkitgtk-1.2.6-2.el6_0.src.rpm
i386:
webkitgtk-1.2.6-2.el6_0.i686.rpm
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm
webkitgtk-doc-1.2.6-2.el6_0.i686.rpm
x86_64:
webkitgtk-1.2.6-2.el6_0.i686.rpm
webkitgtk-1.2.6-2.el6_0.x86_64.rpm
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm
webkitgtk-devel-1.2.6-2.el6_0.x86_64.rpm
webkitgtk-doc-1.2.6-2.el6_0.x86_64.rpm
-Connie Sieh
-Troy Dawson