WebKitGTK+ versions prior to 2.10.5 suffer from arbitrary code execution and denial of service vulnerabilities.
d70757561f6963c96b16ee3214ef4f90509c31293a8c0b779b7531052b443330
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0001
------------------------------------------------------------------------
Date reported : February 01, 2016
Advisory ID : WSA-2016-0001
Advisory URL : https://webkitgtk.org/security/WSA-2016-0001.html
CVE identifiers : CVE-2015-7096, CVE-2015-7098.
Several vulnerabilities were discovered on WebKitGTK+.
CVE-2015-7096
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Apple.
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
9.1 allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than CVE-2015-7048,
CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099,
CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
CVE-2015-7098
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Apple.
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
9.1 allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than CVE-2015-7048,
CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099,
CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
February 01, 2016