95725

1037668

1038137

GLSA-201706-15

https://support.apple.com/HT207482

https://support.apple.com/HT207484

41799

This update for webkit2gtk3 fixes the following issues :

Update to version 2.18.5 :

  + Disable SharedArrayBuffers from Web API.

  + Reduce the precision of 'high' resolution time to 1ms.

  + bsc#1075419 - Security fixes: includes improvements to     mitigate the effects of Spectre and Meltdown     (CVE-2017-5753 and CVE-2017-5715).

Update to version 2.18.4 :

  + Make WebDriver implementation more spec compliant.

  + Fix a bug when trying to remove cookies before a web     process is spawned.

  + WebKitWebDriver process no longer links to     libjavascriptcoregtk.

  + Fix several memory leaks in GStreamer media backend.

  + bsc#1073654 - Security fixes: CVE-2017-13866,     CVE-2017-13870, CVE-2017-7156, CVE-2017-13856.

Update to version 2.18.3 :

  + Improve calculation of font metrics to prevent     scrollbars from being shown unnecessarily in some cases.

  + Fix handling of null capabilities in WebDriver     implementation.

  + Security fixes: CVE-2017-13798, CVE-2017-13788,     CVE-2017-13803.

Update to version 2.18.2 :

  + Fix rendering of arabic text.

  + Fix a crash in the web process when decoding GIF images.

  + Fix rendering of wind in Windy.com.

  + Fix several crashes and rendering issues.

Update to version 2.18.1 :

  + Improve performance of GIF animations.

  + Fix garbled display in GMail.

  + Fix rendering of several material design icons when     using the web font.

  + Fix flickering when resizing the window in Wayland.

  + Prevent default kerberos authentication credentials from     being used in ephemeral sessions.

  + Fix a crash when webkit_web_resource_get_data() is     cancelled.

  + Correctly handle touchmove and touchend events in     WebKitWebView.

  + Fix the build with enchant 2.1.1.

  + Fix the build in HPPA and Alpha.

  + Fix several crashes and rendering issues.

  + Security fixes: CVE-2017-7081, CVE-2017-7087,     CVE-2017-7089, CVE-2017-7090, CVE-2017-7091,     CVE-2017-7092, CVE-2017-7093, CVE-2017-7094,     CVE-2017-7095, CVE-2017-7096, CVE-2017-7098,     CVE-2017-7099, CVE-2017-7100, CVE-2017-7102,     CVE-2017-7104, CVE-2017-7107, CVE-2017-7109,     CVE-2017-7111, CVE-2017-7117, CVE-2017-7120,     CVE-2017-7142.

  - Enable gold linker on s390/s390x on SLE15/Tumbleweed.

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5 :

  + Disable SharedArrayBuffers from Web API.

  + Reduce the precision of 'high' resolution time to 1ms.

  + bsc#1075419 - Security fixes: includes improvements to     mitigate the effects of Spectre and Meltdown     (CVE-2017-5753 and CVE-2017-5715). Update to version     2.18.4 :

  + Make WebDriver implementation more spec compliant.

  + Fix a bug when trying to remove cookies before a web     process is spawned.

  + WebKitWebDriver process no longer links to     libjavascriptcoregtk.

  + Fix several memory leaks in GStreamer media backend.

  + bsc#1073654 - Security fixes: CVE-2017-13866,     CVE-2017-13870, CVE-2017-7156, CVE-2017-13856. Update to     version 2.18.3 :

  + Improve calculation of font metrics to prevent     scrollbars from being shown unnecessarily in some cases.

  + Fix handling of null capabilities in WebDriver     implementation.

  + Security fixes: CVE-2017-13798, CVE-2017-13788,     CVE-2017-13803. Update to version 2.18.2 :

  + Fix rendering of arabic text.

  + Fix a crash in the web process when decoding GIF images.

  + Fix rendering of wind in Windy.com.

  + Fix several crashes and rendering issues. Update to     version 2.18.1 :

  + Improve performance of GIF animations.

  + Fix garbled display in GMail.

  + Fix rendering of several material design icons when     using the web font.

  + Fix flickering when resizing the window in Wayland.

  + Prevent default kerberos authentication credentials from     being used in ephemeral sessions.

  + Fix a crash when webkit_web_resource_get_data() is     cancelled.

  + Correctly handle touchmove and touchend events in     WebKitWebView.

  + Fix the build with enchant 2.1.1.

  + Fix the build in HPPA and Alpha.

  + Fix several crashes and rendering issues.

  + Security fixes: CVE-2017-7081, CVE-2017-7087,     CVE-2017-7089, CVE-2017-7090, CVE-2017-7091,     CVE-2017-7092, CVE-2017-7093, CVE-2017-7094,     CVE-2017-7095, CVE-2017-7096, CVE-2017-7098,     CVE-2017-7099, CVE-2017-7100, CVE-2017-7102,     CVE-2017-7104, CVE-2017-7107, CVE-2017-7109,     CVE-2017-7111, CVE-2017-7117, CVE-2017-7120,     CVE-2017-7142.

  - Enable gold linker on s390/s390x on SLE15/Tumbleweed.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for webkit2gtk3 to version 2.18.0 fixes the following issues :

These security issues were fixed :

  - CVE-2017-7039: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7018: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7030: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7037: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7034: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7055: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7056: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7064: An issue was fixed that allowed remote     attackers to bypass intended memory-read restrictions     via a crafted app (bsc#1050469).

  - CVE-2017-7061: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7048: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7046: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-2538: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1045460)

  - CVE-2017-2496: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website.

  - CVE-2017-2539: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website.

  - CVE-2017-2510: An issue was fixed that allowed remote     attackers to conduct Universal XSS (UXSS) attacks via a     crafted website that improperly interacts with pageshow     events.

  - CVE-2017-2365: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted web site     (bsc#1024749)

  - CVE-2017-2366: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2373: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2363: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted web site     (bsc#1024749)

  - CVE-2017-2362: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2350: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted web site     (bsc#1024749)

  - CVE-2017-2350: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website     (bsc#1024749)

  - CVE-2017-2354: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749).

  - CVE-2017-2355: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (uninitialized memory access and application     crash) via a crafted website (bsc#1024749)

  - CVE-2017-2356: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2371: An issue was fixed that allowed remote     attackers to launch popups via a crafted website     (bsc#1024749)

  - CVE-2017-2364: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted web site     (bsc#1024749)

  - CVE-2017-2369: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2016-7656: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7635: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7654: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7639: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7645: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7652: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7641: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7632: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7599: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted web site that used     HTTP redirects (bsc#1020950)

  - CVE-2016-7592: An issue was fixed that allowed remote     attackers to obtain sensitive information via crafted     JavaScript prompts on a website (bsc#1020950)

  - CVE-2016-7589: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7623: An issue was fixed that allowed remote     attackers to obtain sensitive information via a blob URL     on a website (bsc#1020950)

  - CVE-2016-7586: An issue was fixed that allowed remote     attackers to obtain sensitive information via a crafted     website (bsc#1020950)

For other non-security fixes please check the changelog.

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for webkit2gtk3 to version 2.18.0 fixes the following issues: These security issues were fixed :

  - CVE-2017-7039: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7018: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7030: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7037: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7034: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7055: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7056: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7064: An issue was fixed that allowed remote     attackers to bypass intended memory-read restrictions     via a crafted app (bsc#1050469).

  - CVE-2017-7061: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7048: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7046: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-2538: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1045460)

  - CVE-2017-2496: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website.

  - CVE-2017-2539: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website.

  - CVE-2017-2510: An issue was fixed that allowed remote     attackers to conduct Universal XSS (UXSS) attacks via a     crafted website that improperly interacts with pageshow     events.

  - CVE-2017-2365: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website     (bsc#1024749)

  - CVE-2017-2366: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2373: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2363: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website     (bsc#1024749)

  - CVE-2017-2362: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2350: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website     (bsc#1024749)

  - CVE-2017-2350: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website     (bsc#1024749)

  - CVE-2017-2354: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749).

  - CVE-2017-2355: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (uninitialized memory access and application     crash) via a crafted website (bsc#1024749)

  - CVE-2017-2356: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2371: An issue was fixed that allowed remote     attackers to launch popups via a crafted website     (bsc#1024749)

  - CVE-2017-2364: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website     (bsc#1024749)

  - CVE-2017-2369: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2016-7656: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7635: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7654: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7639: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7645: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7652: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7641: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7632: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7599: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website that used     HTTP redirects (bsc#1020950)

  - CVE-2016-7592: An issue was fixed that allowed remote     attackers to obtain sensitive information via crafted     JavaScript prompts on a web site (bsc#1020950)

  - CVE-2016-7589: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7623: An issue was fixed that allowed remote     attackers to obtain sensitive information via a blob URL     on a website (bsc#1020950)

  - CVE-2016-7586: An issue was fixed that allowed remote     attackers to obtain sensitive information via a crafted     website (bsc#1020950) For other non-security fixes     please check the changelog.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201706-15 (WebKitGTK+: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in WebKitGTK+. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attack can use multiple vectors to execute arbitrary code or       cause a denial of service condition.
  Workaround :

    There is no known workaround at this time.

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 10.1. It is, therefore, affected by multiple vulnerabilities:

  - An out-of-bounds read error exists in WebKit when     handling certain JavaScript code. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the disclosure of memory contents.
    (CVE-2016-9642)

  - A denial of service vulnerability exists in WebKit when     handling certain regular expressions. An     unauthenticated, remote attacker can exploit this, via a     specially crafted web page, to exhaust available memory     resources. (CVE-2016-9643)

  - Multiple information disclosure vulnerabilities exist     in WebKit when handling page loading due to improper     validation of certain input. An unauthenticated, remote     attacker can exploit these to disclose data     cross-origin. (CVE-2017-2364, CVE-2017-2367)

  - An unspecified state management flaw exists that allows     an unauthenticated, remote attacker to spoof the address     bar. (CVE-2017-2376)

  - A denial of service vulnerability exists in the Web     Inspector component when closing a window while the     debugger is paused. An unauthenticated, remote attacker     can exploit this to terminate the application.
    (CVE-2017-2377)

  - An unspecified flaw exists in WebKit when creating     bookmarks using drag-and-drop due to improper validation     of certain input. An unauthenticated, remote attacker     can exploit this, via a specially crafted link, to spoof     bookmarks or potentially execute arbitrary code.
    (CVE-2017-2378)

  - An information disclosure vulnerability exists in the     Login AutofFill component that allows a local attacker     to access keychain items. (CVE-2017-2385)

  - Multiple information disclosure vulnerabilities exist     in WebKit when handling unspecified exceptions or     elements. An unauthenticated, remote attacker can     exploit these, via specially crafted web content, to     disclose data cross-origin. (CVE-2017-2386,     CVE-2017-2479, CVE-2017-2480)

  - An unspecified flaw exists in the handling of HTTP     authentication that allows an unauthenticated, remote     attacker to disclose authentication sheets on arbitrary     websites or cause a denial of service condition.
    (CVE-2017-2389)

  - Multiple memory corruption issues exist in WebKit that     allow an unauthenticated, remote attacker to cause a     denial of service condition or the execution of     arbitrary code. (CVE-2017-2394, CVE-2017-2395,     CVE-2017-2396, CVE-2017-2433, CVE-2017-2454,     CVE-2017-2455, CVE-2017-2459, CVE-2017-2460,     CVE-2017-2464, CVE-2017-2465, CVE-2017-2466,     CVE-2017-2468, CVE-2017-2469, CVE-2017-2470,     CVE-2017-2476)

  - A memory corruption issue exists in WebKit within the     Web Inspector component due to improper validation of     certain input. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-2405)

  - An unspecified type confusion error exists that allows     an unauthenticated remote attacker to execute arbitrary     code by using specially crafted web content.
    (CVE-2017-2415)

  - A security bypass vulnerability exists in WebKit that     allows an unauthenticated, remote attacker to bypass the     Content Security Policy by using specially crafted web     content. (CVE-2017-2419)

  - An unspecified flaw exists in WebKit when handling     OpenGL shaders that allows an unauthenticated, remote     attacker to disclose process memory content by using     specially crafted web content. (CVE-2017-2424)

  - An information disclosure vulnerability exists in WebKit     JavaScript Bindings when handling page loading due to     unspecified logic flaws. An unauthenticated, remote     attacker can exploit this, via specially crafted web     content, to disclose data cross-origin. (CVE-2017-2442)

  - A memory corruption issue exists in WebKit within the     CoreGraphics component due to improper validation of     certain input. An unauthenticated, remote attacker can     exploit this, via specially crafted web content, to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-2444)

  - A universal cross-site scripting (XSS) vulnerability     exists in WebKit when handling frame objects due to     improper validation of certain input. An     unauthenticated, remote attacker can exploit this, via     specially crafted web content, to execute arbitrary     script code in a user's browser session. (CVE-2017-2445)

  - A flaw exists in WebKit due to non-strict mode functions     that are called from built-in strict mode scripts not     being properly restricted from calling sensitive native     functions. An unauthenticated, remote attacker can     exploit this, via specially crafted web content, to     execute arbitrary code. (CVE-2017-2446)

  - An out-of-bounds read error exists in WebKit when     handling the bound arguments array of a bound function.
    An unauthenticated, remote attacker can exploit this,     via specially crafted web content, to disclose memory     contents. (CVE-2017-2447)

  - An unspecified flaw exists in FaceTime prompt handling     due to improper validation of certain input. An     unauthenticated, remote attacker can exploit this to     spoof user interface elements. (CVE-2017-2453)

  - A use-after-free error exists in WebKit when handling     RenderBox objects. An unauthenticated, remote attacker     can exploit this, via specially crafted web content, to     dereference already freed memory, resulting in the     execution of arbitrary code. (CVE-2017-2463)

  - An unspecified use-after-free error exists in WebKit     that allows an unauthenticated, remote attacker, via     specially crafted web content, to dereference already     freed memory, resulting in the execution of arbitrary     code. (CVE-2017-2471)

  - A universal cross-site scripting (XSS) vulnerability     exists in WebKit when handling frames due to improper     validation of certain input. An unauthenticated, remote     attacker can exploit this, via specially crafted web     content, to execute arbitrary script code in a user's     browser session. (CVE-2017-2475)

  - A use-after-free error exists in WebKit when handling     ElementData objects. An unauthenticated, remote attacker     can exploit this, via specially crafted web content, to     dereference already freed memory, resulting in the     execution of arbitrary code. (CVE-2017-2481)

  - A use-after-free error exists in JavaScriptCore when     handling the String.replace() method. An     unauthenticated, remote attacker can exploit this to     deference already freed memory, resulting in the     execution of arbitrary code. (CVE-2017-2491)

  - A universal cross-site scripting (XSS) vulnerability     exists in JavaScriptCore due to an unspecified prototype     flaw. An unauthenticated, remote attacker can exploit     this, via a specially crafted web page, to execute     arbitrary code in a user's browser session.
    (CVE-2017-2492)

The version of Apple iOS running on the mobile device is prior to 10.3. It is, therefore, affected by multiple vulnerabilities in multiple components, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :

  - Accounts
  - Audio
  - Carbon
  - CoreGraphics
  - CoreText
  - DataAccess
  - FontParser
  - HomeKit
  - HTTPProtocol
  - ImageIO
  - iTunes Store
  - JavaScriptCore
  - Kernel
  - Keyboards
  - libarchive
  - libc++abi
  - libxslt
  - Pasteboard
  - Phone
  - Profiles
  - Quick Look
  - Safari
  - Safari Reader
  - SafariViewController
  - Security
  - Siri
  - WebKit
  - WebKit JavaScript Bindings
  - WebKit Web Inspector

This update addresses the following vulnerabilities :

  -     [CVE-2017-2350](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2350),     [CVE-2017-2354](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2354),     [CVE-2017-2355](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2355),     [CVE-2017-2356](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2356),     [CVE-2017-2362](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2362),     [CVE-2017-2363](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2363),     [CVE-2017-2364](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2364),     [CVE-2017-2365](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2365),     [CVE-2017-2366](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2366),     [CVE-2017-2369](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2369),     [CVE-2017-2371](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2371),     [CVE-2017-2373](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2373)

Additional fixes :

  - Make accelerating compositing mode on-demand again. By     default it will only be used for websites that require     it, saving a lot of memory on websites that don&rsquo;t     need it.

  - Release unused UpdateAtlas and reduce the tile coverage     on memory pressure.

  - The media backend now stores preloaded media in /var/tmp     instead of user cache dir.

  - Make inspector work again when accelerated compositing     support is disabled.

  - Fix a deadlock when the media player is destroyed.

  - Fix network process crashes when loading custom URI     schemes.

  - Fix overlay scrollbars that are over a subframe.

  - Fix a crash in GraphicsContext3D::drawArrays when using     OpenGL 3.2 core profile.

  - Fix BadDamage X errors happening when resizing the     WebView.

  - Fix several crashes and rendering issues.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Versions of Safari prior to 10.0.3 are affected by multiple vulnerabilities :

 - A prototype access flaw exists that is triggered when handling exceptions. With specially crafted web content, a context-dependent attacker may exfiltrate cross-origin data. (CVE-2017-2350)
 - A type confusion flaw exists that is triggered as input is not properly validated when handling SearchInputType objects. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2354)
 - An unspecified memory initialization flaw exists that may allow a context-dependent attacker to potentially execute arbitrary code. No further details have been provided. (CVE-2017-2355)
 - A flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2356)
 - An unspecified state management flaw exists that may allow a context-dependent attacker to spoof the address bar. No further details have been provided. (CVE-2017-2359)
 - A flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2362, CVE-2017-2366, CVE-2017-2369)
 - A flaw exists that is triggered as input is not properly validated when handling page loading. This may allow a context-dependent attacker to exfiltrate cross-origin data. (CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2373)

The version of iOS running on the mobile device is prior to 10.2.1, and is affected by multiple vulnerabilities :

 - A prototype access flaw exists that is triggered when handling exceptions. With specially crafted web content, a context-dependent attacker may exfiltrate cross-origin data. (CVE-2017-2350)
 - A flaw exists in WiFi that is triggered when handling user input. This may allow a physically present attacker to bypass the lock and briefly access the home screen. (CVE-2017-2351)
 - A logic flaw exists related to state management in Auto Unlock. This may allow a physically present attacker to potentially unlock a watch when it is off the user's wrist. (CVE-2017-2352)
 - A type confusion flaw exists that is triggered as input is not properly validated when handling 'SearchInputType' objects. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2354)
 - An unspecified memory initialization flaw exists that may allow a context-dependent attacker to potentially execute arbitrary code. No further details have been provided. (CVE-2017-2355)
 - A flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2356, CVE-2017-2362, CVE-2017-2366, CVE-2017-2369, CVE-2017-2373)
 - A use-after-free error exists in the 'host_self_trap' mach trap. This may allow a local attacker to dereference already freed memory and gain elevated privileges. (CVE-2017-2360)
 - A flaw exists that is triggered as input is not properly validated when handling page loading. This may allow a context-dependent attacker to exfiltrate cross-origin data. (CVE-2017-2363, CVE-2017-2364)
 - A flaw exists that is triggered as input is not properly validated when handling variables. This may allow a context-dependent attacker to exfiltrate cross-origin data. (CVE-2017-2365)
 - A flaw exists in Contacts that is triggered as input is not properly validated during the handling of a specially crafted contact card. This may allow a context-dependent attacker to crash the system. (CVE-2017-2368)
 - An overflow condition exists in the 'mach_voucher_extract_attr_recipe_trap()' function that is triggered as certain input is not properly validated. This may allow a local attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2017-2370)
 - An unspecified flaw exists that may allow a context-dependent attacker to bypass popup restrictions via a specially crafted website. No further details have been provided. (CVE-2017-2371)

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 10.0.3. It is, therefore, affected by multiple vulnerabilities :

  - A prototype access flaw exists in WebKit when handling     exceptions. An unauthenticated, remote attacker can     exploit this, via specially crafted web content, to     disclose cross-origin data. (CVE-2017-2350)

  - Multiple memory corruption issues exist in WebKit due to     improper validation of certain unspecified input. An     unauthenticated, remote attacker can exploit these, via     specially crafted web content, to corrupt memory,     resulting in the execution of arbitrary code.
    (CVE-2017-2354, CVE-2017-2356, CVE-2017-2362,     CVE-2017-2366, CVE-2017-2369, CVE-2017-2373)

  - An unspecified memory initialization flaw exists in     WebKit that allows an unauthenticated, remote attacker     to execute arbitrary code. (CVE-2017-2355)

  - An unspecified state management flaw exists that allows     an unauthenticated, remote attacker to spoof the address     bar. (CVE-2017-2359)

  - Multiple flaws exist in WebKit when handling page     loading due to improper validation of certain     unspecified input. An unauthenticated, remote attacker     can exploit these, via specially crafted web content, to     disclose cross-origin data. (CVE-2017-2363,     CVE-2017-2364)

  - A flaw exists in WebKit when handling variables due to     improper validation of certain unspecified input. An     unauthenticated, remote attacker can exploit this, via     specially crafted web content, to disclose cross-origin     data. (CVE-2017-2365)

The version of Apple iOS running on the mobile device is prior to 10.2.1. It is, therefore, affected by multiple vulnerabilities in multiple components, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :

  - Auto Unlock
  - Contacts
  - Kernel
  - libarchive
  - WebKit
  - WiFi

ID	Name	Product	Family	Severity
106549	openSUSE Security Update : webkit2gtk3 (openSUSE-2018-118) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
106370	SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:0219-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
104526	openSUSE Security Update : webkit2gtk3 (openSUSE-2017-1268)	Nessus	SuSE Local Security Checks	medium
104428	SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2017:2933-1)	Nessus	SuSE Local Security Checks	medium
100675	GLSA-201706-15 : WebKitGTK+: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
99278	Ubuntu 16.04 LTS / 16.10 : webkit2gtk vulnerabilities (USN-3257-1)	Nessus	Ubuntu Local Security Checks	medium
99167	macOS : Apple Safari < 10.1 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium
99127	Apple iOS < 10.3 Multiple Vulnerabilities	Nessus	Mobile Devices	critical
97448	Fedora 25 : webkitgtk4 (2017-0beb752b6e)	Nessus	Fedora Local Security Checks	medium
97428	Fedora 24 : webkitgtk4 (2017-b1abcbe695)	Nessus	Fedora Local Security Checks	medium
97222	Ubuntu 16.04 LTS / 16.10 : webkit2gtk vulnerabilities (USN-3200-1)	Nessus	Ubuntu Local Security Checks	medium
9931	Safari < 10.0.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
9929	Apple iOS < 10.2.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
96798	macOS : Apple Safari < 10.0.3 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium
96730	Apple iOS < 10.2.1 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2017-2364

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins