Bugzilla – Bug 871792
VUL-0: webkit: tracker-bug for multiple CVEs
Last modified: 2019-07-24 06:50:34 UTC
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html

APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3

Safari 6.1.3 and Safari 7.0.3 are now available and address the following:

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2871 : miaubiz
CVE-2013-2926 : cloudfuzzer
CVE-2013-2928 : Google Chrome Security Team
CVE-2013-6625 : cloudfuzzer
CVE-2014-1289 : Apple
CVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day Initiative, Google Chrome Security Team
CVE-2014-1291 : Google Chrome Security Team
CVE-2014-1292 : Google Chrome Security Team
CVE-2014-1293 : Google Chrome Security Team
CVE-2014-1294 : Google Chrome Security Team
CVE-2014-1298 : Google Chrome Security Team
CVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics
CVE-2014-1300 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative
CVE-2014-1301 : Google Chrome Security Team
CVE-2014-1302 : Google Chrome Security Team, Apple
CVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative
CVE-2014-1304 : Apple
CVE-2014-1305 : Apple
CVE-2014-1307 : Google Chrome Security Team
CVE-2014-1308 : Google Chrome Security Team
CVE-2014-1309 : cloudfuzzer
CVE-2014-1310 : Google Chrome Security Team
CVE-2014-1311 : Google Chrome Security Team
CVE-2014-1312 : Google Chrome Security Team
CVE-2014-1313 : Google Chrome Security Team
CVE-2014-1713 : VUPEN working with HP's Zero Day Initiative

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
Impact: An attacker running arbitrary code in the WebProcess may be able to read arbitrary files despite sandbox restrictions
Description: A logic issue existed in the handling of IPC messages from the WebProcess. This issue was addressed through additional validation of IPC messages.
CVE-ID
CVE-2014-1297 : Ian Beer of Google Project Zero

For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store.

For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
bugbot adjusting priority
Here's the current status so far:

1. None of these CVEs are mentioned in any commit logs of upstream webkit; the latest CVE is from 2011;
2. Although Google fixed most of these bugs in Blink and provided patches, the code architecture is very different from webkit, so it's not so easy to check out the differences. I believe it needs more dedicated and deeper research;
3. The patches Apple made for their products are very unlikely to be published, no? But there's a chance to contact Apple with the security key provided above for more information.

Even so, the work remains undecidable and needs more research. More time is needed.

I may be wrong; please correct me if I missed something. Comments?
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2014-06-19. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/57737
OK, these are fixed in webkitgtk-2.4.8. I'm making a package right now.
I've submitted webkitgtk 2.4.8 to SUSE:SLE-11:Update, with id 49176. This is the same package that is now in GNOME:Factory (openSUSE:Factory).
(In reply to Federico Mena Quintero from comment #24)
> I've submitted webkitgtk 2.4.8 to SUSE:SLE-11:Update,

Correction: it has been submitted to SUSE:SLE-12:Update (as expected).

Please note we are doing a major version bump here, therefore I've opened an ECO to track this: FATE#318393
SUSE-SU-2015:0688-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 866728,871792,879607,883026
CVE References: CVE-2014-1344,CVE-2014-1384,CVE-2014-1385,CVE-2014-1386,CVE-2014-1387,CVE-2014-1388,CVE-2014-1389,CVE-2014-1390,CVE-2015-2330
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src): webkitgtk-2.4.8-16.2, webkitgtk3-2.4.8-16.2
SUSE Linux Enterprise Software Development Kit 12 (src): webkitgtk-2.4.8-16.2, webkitgtk3-2.4.8-16.2
SUSE Linux Enterprise Server 12 (src): webkitgtk3-2.4.8-16.2
SUSE Linux Enterprise Desktop 12 (src): webkitgtk-2.4.8-16.2, webkitgtk3-2.4.8-16.2
openSUSE-RU-2015:0957-1: An update that fixes 8 vulnerabilities is now available.

Category: recommended (moderate)
Bug References: 871792,879607,905667,927357
CVE References: CVE-2014-1344,CVE-2014-1384,CVE-2014-1385,CVE-2014-1386,CVE-2014-1387,CVE-2014-1388,CVE-2014-1389,CVE-2014-1390
Sources used:
openSUSE 13.2 (src): brasero-3.12.1-8.5, clutter-1.20.2-7.4, empathy-3.12.9-7.6, gedit-code-assistance-3.14.3-2.12.1, gnome-bluetooth-3.14.1-3.2, gnome-control-center-3.14.5-18.1, gnome-documents-3.14.3-7.1, gnome-online-accounts-3.14.4-11.1, gnome-online-miners-3.14.3-7.1, gnome-photos-3.14.3-7.3, gnome-settings-daemon-3.14.4-10.1, gnonlin-1.4.0-2.3.1, goobox-3.4.0-2.7.2, gsettings-desktop-schemas-3.14.2-3.1, gstreamer-editing-services-1.4.0-2.3.1, gthumb-3.4.0-2.4.4, gtk2-2.24.28-4.11.2, gtk2-branding-SLED-13.2-11.3, gtk2-branding-openSUSE-13.2-11.3, gtk2-engines-2.20.2-18.11.2, gtk3-3.14.13-18.1, gtk3-branding-SLED-13.2-17.3, gtk3-branding-openSUSE-13.2-17.3, libgsf-1.14.33-2.7.1, libgweather-3.14.4-7.1, pitivi-0.94-2.3.1, rygel-0.24.4-7.1, totem-3.14.3-11.2, webkit2gtk3-2.6.6-7.2, webkitgtk-2.4.8-7.2, webkitgtk3-2.4.8-7.2, yelp-3.14.2-3.1
not going to get fixed