diff options
Diffstat (limited to 'metadata/glsa/glsa-201706-15.xml')
| -rw-r--r-- | metadata/glsa/glsa-201706-15.xml | 152 |
1 files changed, 152 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-201706-15.xml b/metadata/glsa/glsa-201706-15.xml new file mode 100644 index 000000000000..897eaa694dad --- /dev/null +++ b/metadata/glsa/glsa-201706-15.xml @@ -0,0 +1,152 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201706-15"> + <title>WebKitGTK+: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst + of which allows remote attackers to execute arbitrary code. + </synopsis> + <product type="ebuild">webkit-gtk</product> + <announced>2017-06-07</announced> + <revised count="1">2017-06-07</revised> + <bug>543650</bug> + <bug>573656</bug> + <bug>577068</bug> + <bug>608958</bug> + <bug>614876</bug> + <bug>619788</bug> + <access>remote</access> + <affected> + <package name="net-libs/webkit-gtk" auto="yes" arch="*"> + <unaffected range="ge">2.16.3</unaffected> + <vulnerable range="lt">2.16.3</vulnerable> + </package> + </affected> + <background> + <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>A remote attack can use multiple vectors to execute arbitrary code or + cause a denial of service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All WebKitGTK+ users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330">CVE-2015-2330</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096">CVE-2015-7096</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098">CVE-2015-7098</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723">CVE-2016-1723</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724">CVE-2016-1724</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725">CVE-2016-1725</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726">CVE-2016-1726</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727">CVE-2016-1727</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728">CVE-2016-1728</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692">CVE-2016-4692</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743">CVE-2016-4743</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586">CVE-2016-7586</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587">CVE-2016-7587</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589">CVE-2016-7589</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592">CVE-2016-7592</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598">CVE-2016-7598</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599">CVE-2016-7599</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610">CVE-2016-7610</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611">CVE-2016-7611</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623">CVE-2016-7623</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632">CVE-2016-7632</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635">CVE-2016-7635</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639">CVE-2016-7639</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640">CVE-2016-7640</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641">CVE-2016-7641</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642">CVE-2016-7642</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645">CVE-2016-7645</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646">CVE-2016-7646</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648">CVE-2016-7648</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649">CVE-2016-7649</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652">CVE-2016-7652</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654">CVE-2016-7654</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656">CVE-2016-7656</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642">CVE-2016-9642</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643">CVE-2016-9643</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350">CVE-2017-2350</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354">CVE-2017-2354</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355">CVE-2017-2355</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356">CVE-2017-2356</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362">CVE-2017-2362</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363">CVE-2017-2363</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364">CVE-2017-2364</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365">CVE-2017-2365</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366">CVE-2017-2366</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367">CVE-2017-2367</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369">CVE-2017-2369</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371">CVE-2017-2371</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373">CVE-2017-2373</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376">CVE-2017-2376</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377">CVE-2017-2377</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386">CVE-2017-2386</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392">CVE-2017-2392</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394">CVE-2017-2394</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395">CVE-2017-2395</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396">CVE-2017-2396</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405">CVE-2017-2405</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415">CVE-2017-2415</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419">CVE-2017-2419</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433">CVE-2017-2433</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442">CVE-2017-2442</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445">CVE-2017-2445</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446">CVE-2017-2446</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447">CVE-2017-2447</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454">CVE-2017-2454</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455">CVE-2017-2455</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457">CVE-2017-2457</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459">CVE-2017-2459</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460">CVE-2017-2460</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464">CVE-2017-2464</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465">CVE-2017-2465</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466">CVE-2017-2466</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468">CVE-2017-2468</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469">CVE-2017-2469</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470">CVE-2017-2470</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471">CVE-2017-2471</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475">CVE-2017-2475</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476">CVE-2017-2476</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481">CVE-2017-2481</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496">CVE-2017-2496</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504">CVE-2017-2504</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505">CVE-2017-2505</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506">CVE-2017-2506</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508">CVE-2017-2508</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510">CVE-2017-2510</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514">CVE-2017-2514</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515">CVE-2017-2515</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521">CVE-2017-2521</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525">CVE-2017-2525</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526">CVE-2017-2526</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528">CVE-2017-2528</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530">CVE-2017-2530</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531">CVE-2017-2531</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536">CVE-2017-2536</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539">CVE-2017-2539</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544">CVE-2017-2544</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547">CVE-2017-2547</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549">CVE-2017-2549</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980">CVE-2017-6980</uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984">CVE-2017-6984</uri> + </references> + <metadata tag="requester" timestamp="2017-04-19T06:44:45Z">BlueKnight</metadata> + <metadata tag="submitter" timestamp="2017-06-07T11:52:15Z">whissi</metadata> +</glsa> |