Bug 627366 (CVE-2010-1780, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, CVE-2010-1792, CVE-2010-1793)
Summary: | CVE-2010-1780 CVE-2010-1782 CVE-2010-1783 CVE-2010-1784 CVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790 CVE-2010-1792 CVE-2010-1793 WebKit: multiple vulnerabilities in WebKitGTK | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | fedora, huzaifas, kevin, martin.sourada, mtasaka, stransky |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2012-03-07 07:06:21 UTC | Type: | --- |
Bug Depends On: | 631583, 640385, 640386 | ||
Bug Blocks: |
Description
Vincent Danen
2010-08-25 20:14:07 UTC
Upstream fixes for this issue that will make it into 1.2.4:

CVE-2010-1780: Git: f5a22bf6b3951999255708361c9200f6d2fd8425
CVE-2010-1782: Git: 31e4e68e93b116b1c948c85ca94273640d78427e
CVE-2010-1783: Git: 31e4e68e93b116b1c948c85ca94273640d78427e (note this issue was also assigned the name CVE-2010-2648)
CVE-2010-1784: Git: 39f4ec0146af0102c241d876ebb8a03b61570401
CVE-2010-1785: Git: e68c7098411c0a3ff70cdc08e613b1a5e795b1fd and 31cbc85273cc56a26bea85de78fa009e18e0f91e
CVE-2010-1787: Git: bab92909e0d1d76016562684cc588f92d48fdd06
CVE-2010-1788: Git: ed3c7278abc3bc0dfacf3f22ea48a708530f5f3d
CVE-2010-1790: Git: 243f04c23ba228ec5d28f59510d03e0ea4d4f546
CVE-2010-1792: Git: 63528d9c152c1f18fe82583b58e2348c86eeb266
CVE-2010-1793: Git: e5bad7c10655bc20dee226113612684a80474147

Waiting on confirmation for CVE-2010-1786 from upstream.

CVE-2010-1786: Git: a32f127d8e71ed7654261d4dac36c689fb7eaf05

Upstream 1.2.4 is released:

================
WebKitGTK+ 1.2.4
================

What's new in WebKitGTK+ 1.2.4?

- New stable release, API and ABI compatible with previous 1.2.x versions;
- The patches to fix the following CVEs are included with help from Vincent Danen and other members of the Red Hat security team: CVE-2010-1781 CVE-2010-1782 CVE-2010-1784 CVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790 CVE-2010-1792 CVE-2010-1793 CVE-2010-2648

There is some confusion here, however, as CVE-2010-1781 should not have affected webkitgtk, and there is no mention of CVE-2010-1780. Checking with upstream regarding that. Everything else is corrected in that release.

Created webkitgtk tracking bugs for this issue

Affects: fedora-all [bug 631583]

CVE-2010-1781 was a typo; CVE-2010-1780 is indeed corrected in 1.2.4 (verified the upstream git commit and its presence in 1.2.4).

*** Bug 668336 has been marked as a duplicate of this bug. ***

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2011:0177 https://rhn.redhat.com/errata/RHSA-2011-0177.html