Bug 7908 - webkit new security issues fixed in 1.8.3
Summary: webkit new security issues fixed in 1.8.3
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: http://lwn.net/Vulnerabilities/521549/
Whiteboard: has_procedure, MGA2-32-OK, MGA2-64-OK
Keywords: validated_update
Depends on:
Blocks: 7413
Reported: 2012-10-26 17:52 CEST by David Walser
Modified: 2012-11-06 20:33 CET

See Also:
Source RPM: webkit-1.8.1-1.mga2.src.rpm
CVE:
Status comment:


Description David Walser 2012-10-26 17:52:04 CEST
Ubuntu has issued an advisory on October 25:
http://www.ubuntu.com/usn/usn-1617-1/

webkit 1.8.3 is building in Mageia 2 updates_testing now.
Comment 1 David Walser 2012-10-26 20:58:19 CEST
Updated package for Mageia 2 uploaded.

Advisory:
========================

Updated webkit packages fix security vulnerabilities:

A large number of security issues were discovered in the WebKit browser and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of
service attacks, and arbitrary code execution (CVE-2011-3031, CVE-2011-3038,
CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3051, CVE-2011-3053,
CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3076,
CVE-2011-3081, CVE-2011-3086, CVE-2011-3090, CVE-2012-1521, CVE-2012-3598,
CVE-2012-3601, CVE-2012-3604, CVE-2012-3611, CVE-2012-3612, CVE-2012-3617,
CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3645,
CVE-2012-3652, CVE-2012-3657, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671,
CVE-2012-3672, CVE-2012-3674).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3674
http://www.ubuntu.com/usn/usn-1617-1/
========================

Updated packages in core/updates_testing:
========================
webkit-1.8.3-1.mga2
webkit1.0-1.8.3-1.mga2
libwebkitgtk1.0_0-1.8.3-1.mga2
libjavascriptcoregtk1.0_0-1.8.3-1.mga2
libwebkitgtk1.0-devel-1.8.3-1.mga2
webkit-gtklauncher-1.8.3-1.mga2
webkit-jsc-1.8.3-1.mga2
webkit1.0-webinspector-1.8.3-1.mga2
webkit3-1.8.3-1.mga2
webkit3.0-1.8.3-1.mga2
libwebkitgtk3.0_0-1.8.3-1.mga2
libjavascriptcoregtk3.0_0-1.8.3-1.mga2
libwebkitgtk3.0-devel-1.8.3-1.mga2
webkit3-gtklauncher-1.8.3-1.mga2
webkit3-jsc-1.8.3-1.mga2
webkit3.0-webinspector-1.8.3-1.mga2
libjscore-gir1.0-1.8.3-1.mga2
libwebkit-gir1.0-1.8.3-1.mga2
libjscore-gir3.0-1.8.3-1.mga2
libwebkit-gir3.0-1.8.3-1.mga2

from webkit-1.8.3-1.mga2.src.rpm

Assignee: bugsquad => qa-bugs

David Walser 2012-10-29 20:35:38 CET

Blocks: (none) => 7413

Comment 2 claire robinson 2012-11-01 18:06:43 CET
Testing using midori browser which requires most of these rpms and sunspider javascript benchmark.

http://www.webkit.org/perf/sunspider-0.9.1/sunspider-0.9.1/driver.html
Comment 3 claire robinson 2012-11-01 18:31:17 CET
Tested OK i586.

Also checked acid3 http://acid3.acidtests.org/

Whiteboard: (none) => has_procedure mga2-32-OK

Comment 4 Marc Lattemann 2012-11-01 22:56:48 CET
Tested successfully with midori (and chromium-browser) on mga2 x86_64. Nothing to report.

validate updates.

Please use Comment 1 for Advisory and src-rpm.

Could someone from sysadmin team push to Updates? Thanks.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga2-32-OK => has_procedure, MGA2-32-OK, MGA2-64-OK

Comment 5 Thomas Backlund 2012-11-06 20:33:58 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0324

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

