Bug 1088182 - (CVE-2018-4101) VUL-0: webkit2gtk3: various issues fixed with 2.20.0. WSA-2018-0003
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
CVSSv3:SUSE:CVE-2018-4113:5.3:(AV:N/A...
Reported: 2018-04-04 19:54 UTC by Marcus Meissner
Modified: 2019-08-29 15:19 UTC
Description Marcus Meissner 2018-04-04 19:54:34 UTC
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------

Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html
CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,
                     CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,
                     CVE-2018-4120, CVE-2018-4122, CVE-2018-4125,
                     CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
                     CVE-2018-4133, CVE-2018-4146, CVE-2018-4161,
                     CVE-2018-4162, CVE-2018-4163, CVE-2018-4165.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2018-4101
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to Yuan Deng of Ant-financial Light-Year Security Lab.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4113
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to OSS-Fuzz.
    Impact: Unexpected interaction with indexing types causing an ASSERT
    failure. Description: An array indexing issue existed in the
    handling of a function in JavaScriptCore. This issue was addressed
    through improved checks.

CVE-2018-4114
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to OSS-Fuzz.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4117
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to an anonymous researcher.
    Impact: A malicious website may exfiltrate data cross-origin.
    Description: A cross-origin issue existed with the fetch API. This
    was addressed through improved input validation.

CVE-2018-4118
    Versions affected: WebKitGTK+ before 2.18.1.
    Credit to Jun Kokatsu (@shhnjk).
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4119
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to an anonymous researcher working with Trend Micro's Zero
    Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4120
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4122
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4125
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4127
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to an anonymous researcher working with Trend Micro's Zero
    Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4128
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to Zach Markley.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4129
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to likemeng of Baidu Security Lab working with Trend Micro's
    Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4133
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to Anton Lopanitsyn of Wallarm, Linus Särud of Detectify
    (detectify.com), Yuji Tounai of NTT Communications Corporation.
    Impact: Visiting a maliciously crafted website may lead to a cross-
    site scripting attack. Description: A cross-site scripting issue
    existed in WebKit. This issue was addressed with improved URL
    validation.

CVE-2018-4146
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to OSS-Fuzz.
    Impact: Processing maliciously crafted web content may lead to a
    denial of service. Description: A memory corruption issue was
    addressed through improved input validation.

CVE-2018-4161
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4162
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4163
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to WanderingGlitch of Trend Micro's Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2018-4165
    Versions affected: WebKitGTK+ before 2.20.0.
    Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.


We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html

The WebKitGTK+ team,
April 04, 2018
Comment 1 Marcus Meissner 2018-04-04 19:55:15 UTC
Correction:

On Wed, Apr 4, 2018 at 1:46 PM, Michael Catanzaro 
<mcatanzaro@igalia.com> wrote:
> CVE-2018-4118
>     Versions affected: WebKitGTK+ before 2.18.1.
>     Credit to Jun Kokatsu (@shhnjk).
>     Impact: Processing maliciously crafted web content may lead to
>     arbitrary code execution. Description: Multiple memory corruption
>     issues were addressed with improved memory handling.

The versions affected for CVE-2018-4118 were not correct. An attempt to 
fix this issue was included in 2.18.1, but the change was incomplete. 
This should have read:

Versions affected: WebKitGTK+ before 2.20.0
Comment 2 Scott Reeves 2018-04-05 20:38:20 UTC
Mike is working on the update for SLE15 - hopefully by tomorrow for RC2 deadline.
Then we will look at SLE12.
Comment 8 Swamp Workflow Management 2018-10-24 16:44:13 UTC
SUSE-SU-2018:3387-1: An update that fixes 40 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1075775,1077535,1079512,1088182,1088932,1092278,1092279,1092280,1095611,1096060,1096061,1097693,1101999,1102530,1104169
CVE References: CVE-2017-13884,CVE-2017-13885,CVE-2017-7153,CVE-2017-7160,CVE-2017-7161,CVE-2017-7165,CVE-2018-11646,CVE-2018-11712,CVE-2018-11713,CVE-2018-12911,CVE-2018-4088,CVE-2018-4096,CVE-2018-4101,CVE-2018-4113,CVE-2018-4114,CVE-2018-4117,CVE-2018-4118,CVE-2018-4119,CVE-2018-4120,CVE-2018-4121,CVE-2018-4122,CVE-2018-4125,CVE-2018-4127,CVE-2018-4128,CVE-2018-4129,CVE-2018-4133,CVE-2018-4146,CVE-2018-4161,CVE-2018-4162,CVE-2018-4163,CVE-2018-4165,CVE-2018-4190,CVE-2018-4199,CVE-2018-4200,CVE-2018-4204,CVE-2018-4218,CVE-2018-4222,CVE-2018-4232,CVE-2018-4233,CVE-2018-4246
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    webkit2gtk3-2.20.3-2.23.8
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    webkit2gtk3-2.20.3-2.23.8
SUSE Linux Enterprise Server 12-SP3 (src):    webkit2gtk3-2.20.3-2.23.8
SUSE Linux Enterprise Desktop 12-SP3 (src):    webkit2gtk3-2.20.3-2.23.8
Comment 9 Swamp Workflow Management 2018-10-25 22:12:46 UTC
openSUSE-SU-2018:3473-1: An update that fixes 40 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1075775,1077535,1079512,1088182,1088932,1092278,1092279,1092280,1095611,1096060,1096061,1097693,1101999,1102530,1104169
CVE References: CVE-2017-13884,CVE-2017-13885,CVE-2017-7153,CVE-2017-7160,CVE-2017-7161,CVE-2017-7165,CVE-2018-11646,CVE-2018-11712,CVE-2018-11713,CVE-2018-12911,CVE-2018-4088,CVE-2018-4096,CVE-2018-4101,CVE-2018-4113,CVE-2018-4114,CVE-2018-4117,CVE-2018-4118,CVE-2018-4119,CVE-2018-4120,CVE-2018-4121,CVE-2018-4122,CVE-2018-4125,CVE-2018-4127,CVE-2018-4128,CVE-2018-4129,CVE-2018-4133,CVE-2018-4146,CVE-2018-4161,CVE-2018-4162,CVE-2018-4163,CVE-2018-4165,CVE-2018-4190,CVE-2018-4199,CVE-2018-4200,CVE-2018-4204,CVE-2018-4218,CVE-2018-4222,CVE-2018-4232,CVE-2018-4233,CVE-2018-4246
Sources used:
openSUSE Leap 42.3 (src):    webkit2gtk3-2.20.3-11.1
Comment 10 Marcus Meissner 2019-08-29 15:19:39 UTC
was released