WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005
- Date Reported: June 13, 2018
- Advisory ID: WSA-2018-0005
- CVE identifiers: CVE-2018-4190, CVE-2018-4192, CVE-2018-4199, CVE-2018-4201, CVE-2018-4214, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-11646, CVE-2018-11712, CVE-2018-11713, CVE-2018-12293, CVE-2018-12294.
Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.
- CVE-2018-4190
- Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
- Credit to Jun Kokatsu (@shhnjk).
- Impact: Visiting a maliciously crafted website may leak sensitive data.
- Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method.
- CVE-2018-4192
- Versions affected: WebKitGTK+ before 2.20.1.
- Credit to Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc. working with Trend Micro’s Zero Day Initiative.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
- Description: A race condition was addressed with improved locking.
- CVE-2018-4199
- Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
- Credit to Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro’s Zero Day Initiative.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
- Description: A buffer overflow issue was addressed with improved memory handling.
- CVE-2018-4201
- Versions affected: WebKitGTK+ before 2.20.1.
- Credit to an anonymous researcher.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4214
- Versions affected: WebKitGTK+ before 2.20.0.
- Credit to OSS-Fuzz.
- Impact: Processing maliciously crafted web content may lead to an unexpected application crash.
- Description: A memory corruption issue was addressed with improved input validation.
- CVE-2018-4218
- Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
- Credit to Natalie Silvanovich of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-4222
- Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
- Credit to Natalie Silvanovich of Google Project Zero.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2018-4232
- Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
- Credit to Aymeric Chaib.
- Impact: Visiting a maliciously crafted website may lead to cookies being overwritten.
- Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
- CVE-2018-4233
- Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
- Credit to Samuel Groß (@5aelo) working with Trend Micro’s Zero Day Initiative.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2018-11646
- Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
- Credit to Mishra Dhiraj.
- Maliciously crafted web content could trigger an application crash in WebKitFaviconDatabase, caused by mishandling unexpected input.
- CVE-2018-11712
- Versions affected: WebKitGTK+ 2.20.0 and 2.20.1.
- Credit to Metrological Group B.V.
- The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections.
- CVE-2018-11713
- Versions affected: WebKitGTK+ before 2.20.0 or without libsoup 2.62.0.
- Credit to Dirkjan Ochtman.
- The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
- CVE-2018-12293
- Versions affected: WebKitGTK+ before 2.20.3 and WPE WebKit before 2.20.1.
- Credit to ADlab of Venustech.
- Maliciously crafted web content could achieve a heap buffer overflow in ImageBufferCairo by exploiting multiple integer overflow issues.
- CVE-2018-12294
- Versions affected: WebKitGTK+ before 2.20.2.
- Credit to ADlab of Venustech.
- Maliciously crafted web content could trigger a use-after-free of a TextureMapperLayer object.
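The CVE-2018-12293 entry above describes the bug class behind many image-buffer heap overflows: the byte count for a pixel buffer is computed as width * height * bytes-per-pixel, the product wraps in 32-bit arithmetic, a too-small buffer is allocated, and the full image is then drawn into it. The following C program is an added illustration of that class and of the overflow-checked size computation that closes it; it is not WebKit's ImageBufferCairo code, and the pixel format (32-bit ARGB), the allocation cap and the hostile dimensions are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed constants for the illustration: a 32-bit ARGB pixel format and
 * an upper bound on how much backing store a single image may claim. Neither
 * value is taken from WebKit. */
#define BYTES_PER_PIXEL 4u
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)   /* 256 MiB */

/* The bug class: width * height * bpp evaluated in 32-bit unsigned arithmetic
 * wraps for large dimensions, so a huge image yields a tiny (even zero) byte
 * count. Allocating that many bytes and then rendering the whole image into
 * the buffer is a heap buffer overflow. */
uint32_t image_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Hardened computation: each multiplication is checked for overflow with the
 * GCC/Clang builtin, zero-sized images are rejected, and the result is capped
 * so that dimensions cannot drive allocations to the edge of the address
 * space either. Returns false and leaves *out untouched on rejection. */
bool image_bytes_checked(uint32_t width, uint32_t height, size_t *out)
{
    size_t stride, total;

    if (width == 0 || height == 0)
        return false;
    if (__builtin_mul_overflow((size_t)width, (size_t)BYTES_PER_PIXEL, &stride))
        return false;
    if (__builtin_mul_overflow(stride, (size_t)height, &total))
        return false;
    if (total > MAX_IMAGE_BYTES)
        return false;

    *out = total;
    return true;
}

/* Allocate a zero-filled pixel buffer only when the size survives the checks.
 * NULL is the explicit "invalid or too large" result that callers must handle
 * instead of drawing into a buffer that does not exist. */
unsigned char *alloc_pixel_buffer(uint32_t width, uint32_t height, size_t *bytes_out)
{
    size_t bytes;
    if (!image_bytes_checked(width, height, &bytes))
        return NULL;
    unsigned char *buf = calloc(bytes, 1);
    if (buf && bytes_out)
        *bytes_out = bytes;
    return buf;
}

int main(void)
{
    /* Constructed hostile dimensions: 0x8000 x 0x8000 pixels, whose byte
     * count (0x100000000) does not fit in 32 bits and wraps to 0. */
    uint32_t w = 0x8000, h = 0x8000;
    size_t bytes = 0;

    printf("unchecked size for %ux%u: %u bytes (wrapped)\n",
           w, h, image_bytes_unchecked(w, h));
    printf("checked size accepted: %s\n",
           image_bytes_checked(w, h, &bytes) ? "yes" : "no");

    unsigned char *buf = alloc_pixel_buffer(640, 480, &bytes);
    printf("640x480 buffer: %zu bytes\n", bytes);
    free(buf);
    return 0;
}
```

The unchecked function returns 0 for the 32768 x 32768 image, which is exactly the allocation size a vulnerable renderer would request before writing 4 GiB of pixel data into it; the checked function refuses the same dimensions, and a reviewer auditing allocation sites should expect every width/height product feeding an allocator to pass through a helper of this shape.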
We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running a safe version of WebKit. Please check our websites for information about the latest stable releases.
Further information about WebKitGTK+ and WPE WebKit security advisories can be found at https://webkitgtk.org/security.html or https://wpewebkit.org/security/.