Bug#574064: webkit: CVE-2010-0046 through CVE-2010-0054 (multiple vulnerabilities)
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Mar 16 02:27:01 UTC 2010
Source: webkit
Version: 1.0.1-4
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for webkit. Apple's report is once again notoriously sparse,
so I can't determine whether debian's webkit packages are affected.
Perhaps more info is available to those with access to the webkit
security list.
CVE-2010-0046[0]:
| The Cascading Style Sheets (CSS) implementation in WebKit in Apple
| Safari before 4.0.5 allows remote attackers to execute arbitrary code
| or cause a denial of service (memory corruption and application crash)
| via crafted format arguments.
CVE-2010-0047[1]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via vectors related to "HTML object
| element fallback content."
CVE-2010-0048[2]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via a crafted XML document.
CVE-2010-0049[3]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via HTML elements with right-to-left (RTL)
| text directionality.
CVE-2010-0050[4]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via an HTML document with improperly
| nested tags.
CVE-2010-0051[5]:
| WebKit in Apple Safari before 4.0.5 does not properly validate the
| cross-origin loading of stylesheets, which allows remote attackers to
| obtain sensitive information via a crafted HTML document. NOTE: this
| might overlap CVE-2010-0651.
CVE-2010-0052[6]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via vectors related to "callbacks for HTML
| elements."
CVE-2010-0053[7]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via vectors related to the run-in
| Cascading Style Sheets (CSS) display property.
CVE-2010-0054[8]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via vectors involving HTML IMG elements.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://security-tracker.debian.org/tracker/CVE-2010-0046
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://security-tracker.debian.org/tracker/CVE-2010-0047
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://security-tracker.debian.org/tracker/CVE-2010-0048
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://security-tracker.debian.org/tracker/CVE-2010-0049
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://security-tracker.debian.org/tracker/CVE-2010-0050
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://security-tracker.debian.org/tracker/CVE-2010-0051
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://security-tracker.debian.org/tracker/CVE-2010-0052
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://security-tracker.debian.org/tracker/CVE-2010-0053
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://security-tracker.debian.org/tracker/CVE-2010-0054
More information about the Pkg-webkit-maintainers
mailing list