Quoting Apple security advisories: A memory corruption issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

References:
http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

Upstream commit:
http://trac.webkit.org/changeset/34204

Upstream bug report (restricted and not accessible at the moment):
https://bugs.webkit.org/show_bug.cgi?id=19294
This issue should affect WebKit versions currently in F8 and F9 (WebKit-1.0.0-0.9.svn32531). Should not affect F9-candidate (WebKit-1.0.0-0.10.svn34279.fc9) and Rawhide (WebKit-1.0.0-0.13.svn34655.fc10).
WebKit-1.0.0-0.11.svn34655.fc9 has been submitted as an update for Fedora 9.
WebKit-1.0.0-0.10.svn34655.fc8 has been submitted as an update for Fedora 8.
WebKit-1.0.0-0.11.svn34655.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
WebKit-1.0.0-0.10.svn34655.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Fedora:
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-6220
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-6186