Mandriva Linux Security Advisory : webkit (MDVSA-2011:039)

critical Nessus Plugin ID 52523

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit.

Please consult the CVE web links for further information.

The updated packages have been upgraded to the latest version (1.2.7) to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 52523

File Name: mandriva_MDVSA-2011-039.nasl

Version: 1.19

Type: local

Published: 3/3/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64webkitgtk1.0-devel, p-cpe:/a:mandriva:linux:lib64webkitgtk1.0_2, p-cpe:/a:mandriva:linux:libwebkitgtk1.0-devel, p-cpe:/a:mandriva:linux:libwebkitgtk1.0_2, p-cpe:/a:mandriva:linux:webkit, p-cpe:/a:mandriva:linux:webkit-gtklauncher, p-cpe:/a:mandriva:linux:webkit-jsc, p-cpe:/a:mandriva:linux:webkit1.0, p-cpe:/a:mandriva:linux:webkit1.0-webinspector, cpe:/o:mandriva:linux:2010.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/2/2011

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2009-2797, CVE-2009-2841, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0314, CVE-2010-0647, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-1386, CVE-2010-1387, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1664, CVE-2010-1665, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1814, CVE-2010-1815, CVE-2010-2264, CVE-2010-2647, CVE-2010-2648, CVE-2010-3113, CVE-2010-3114, CVE-2010-3115, CVE-2010-3116, CVE-2010-3119, CVE-2010-3248, CVE-2010-3255, CVE-2010-3257, CVE-2010-3259, CVE-2010-3812, CVE-2010-3813, CVE-2010-4040, CVE-2010-4197, CVE-2010-4198, CVE-2010-4204, CVE-2010-4206

BID: 36339, 36996, 37925, 38372, 38373, 38684, 38685, 38686, 38687, 38688, 38689, 38690, 38691, 38692, 39804, 39808, 40644, 40646, 40647, 40649, 40650, 40653, 40654, 40655, 40656, 40657, 40658, 40659, 40660, 40661, 40662, 40663, 40665, 40666, 40667, 40668, 40669, 40670, 40671, 40672, 40675, 40697, 40698, 40705, 40707, 40710, 40714, 40726, 40727, 40732, 40750, 40753, 40754, 40756, 41051, 41053, 41572, 41573, 41575, 42034, 42035, 42036, 42037, 42038, 42041, 42042, 42043, 42044, 42045, 42046, 42049, 42494, 42500, 43047, 43077, 43079, 43081, 43083, 44199, 44200, 44201, 44203, 44204, 44206, 44215, 44216, 44217, 44954, 44960, 45718, 45719, 45720, 45721

CWE: 200, 264, 94

MDVSA: 2011:039