Alpine: webkit2gtk: security update to 2.20.4-r0

Critical | Tenable Self-Hosted Container Security | Plugin ID 407558

Description

Installed packages are affected by multiple vulnerabilities, referenced in the following CVEs:

- WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs
functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
(CVE-2018-12911)

- An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is
affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS
before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It
allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion.
(CVE-2018-4246)

- Multiple memory corruption issues were addressed with improved memory handling. This issue affected
versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
(CVE-2018-4261, CVE-2018-4263)

- In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for
Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.
(CVE-2018-4262)

See Also

https://security.alpinelinux.org/vuln/CVE-2018-12911

https://security.alpinelinux.org/vuln/CVE-2018-4246

https://security.alpinelinux.org/vuln/CVE-2018-4261

https://security.alpinelinux.org/vuln/CVE-2018-4262

https://security.alpinelinux.org/vuln/CVE-2018-4263

https://security.alpinelinux.org/vuln/CVE-2018-4264

https://security.alpinelinux.org/vuln/CVE-2018-4265

https://security.alpinelinux.org/vuln/CVE-2018-4266

https://security.alpinelinux.org/vuln/CVE-2018-4267

https://security.alpinelinux.org/vuln/CVE-2018-4270

https://security.alpinelinux.org/vuln/CVE-2018-4272

https://security.alpinelinux.org/vuln/CVE-2018-4273

https://security.alpinelinux.org/vuln/CVE-2018-4278

https://security.alpinelinux.org/vuln/CVE-2018-4284

Plugin Details

Severity: Critical

ID: 407558

Version: Revision 1.24

Type: Local

Published: 10/31/2023

Updated: 3/13/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-12911

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/24/2018

Reference Information

CVE: CVE-2018-12911, CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284