Synopsis

Moderate: webkitgtk security update

Type/Severity

Security Advisory: Moderate

Topic

Updated webkitgtk packages that fix several security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

WebKitGTK+ is the port of the portable web rendering engine WebKit to the
GTK+ platform.

Multiple memory corruption flaws were found in WebKit. Malicious web
content could cause an application using WebKitGTK+ to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,
CVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, CVE-2010-1792,
CVE-2010-1807, CVE-2010-1814, CVE-2010-3114, CVE-2010-3116, CVE-2010-3119,
CVE-2010-3255, CVE-2010-3812, CVE-2010-4198)

Multiple use-after-free flaws were found in WebKit. Malicious web content
could cause an application using WebKitGTK+ to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793, CVE-2010-1812,
CVE-2010-1815, CVE-2010-3113, CVE-2010-3257, CVE-2010-4197, CVE-2010-4204)

Two array index errors, leading to out-of-bounds memory reads, were found
in WebKit. Malicious web content could cause an application using
WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)

A flaw in WebKit could allow malicious web content to trick a user into
thinking they are visiting the site reported by the location bar, when the
page is actually content controlled by an attacker. (CVE-2010-3115)

It was found that WebKit did not correctly restrict read access to images
created from the "canvas" element. Malicious web content could allow a
remote attacker to bypass the same-origin policy and potentially access
sensitive image data. (CVE-2010-3259)

A flaw was found in the way WebKit handled DNS prefetching. Even when it
was disabled, web content containing certain "link" elements could cause
WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)

Users of WebKitGTK+ should upgrade to these updated packages, which contain
WebKitGTK+ version 1.2.6, and resolve these issues. All running
applications that use WebKitGTK+ must be restarted for this update to take
effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386

Fixes

• BZ - 627366 - CVE-2010-1780 CVE-2010-1782 CVE-2010-1783 CVE-2010-1784 CVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790 CVE-2010-1792 CVE-2010-1793 WebKit: multiple vulnerabilities in WebKitGTK
• BZ - 627703 - CVE-2010-1807 webkit: input validation error when parsing certain NaN values
• BZ - 628032 - CVE-2010-3113 webkit: memory corruption when handling SVG documents
• BZ - 628035 - CVE-2010-3114 webkit: bad cast with text editing
• BZ - 628071 - CVE-2010-3115 webkit: address bar spoofing with history bug
• BZ - 628076 - CVE-2010-3119 webkit: DoS due to improper Ruby support
• BZ - 631939 - CVE-2010-1812 webkit: use-after-free flaw in handling of selections
• BZ - 631946 - CVE-2010-1814 webkit: memory corruption flaw when handling form menus
• BZ - 631948 - CVE-2010-1815 webkit: use-after-free flaw when handling scrollbars
• BZ - 640353 - CVE-2010-3116 webkit: memory corruption with MIME types
• BZ - 640357 - CVE-2010-3257 webkit: stale pointer issue with focusing
• BZ - 640360 - CVE-2010-3259 webkit: cross-origin image theft
• BZ - 645914 - CVE-2010-3255 webkit: DoS via improper handling of counter nodes
• BZ - 656115 - CVE-2010-4197 WebKit: Use-after-free vulnerabiity related to text editing causes memory corruption
• BZ - 656118 - CVE-2010-4198 WebKit: Memory corruption due to improper handling of large text area
• BZ - 656126 - CVE-2010-4204 WebKit: Use-after-free vulnerability related frame object
• BZ - 656129 - CVE-2010-4206 WebKit: Array index error during processing of an SVG document
• BZ - 667022 - CVE-2010-3812 webkit: Integer overflow in WebKit's handling of Text objects
• BZ - 667024 - CVE-2010-3813 webkit: HTMLLinkElement ignores dnsPrefetchingEnabled setting
• BZ - 667025 - CVE-2010-4577 webkit: CSS Font Face Parsing Type Confusion Vulnerability

CVEs

• CVE-2010-1807
• CVE-2010-1784
• CVE-2010-1785
• CVE-2010-1786
• CVE-2010-1787
• CVE-2010-1780
• CVE-2010-1782
• CVE-2010-1783
• CVE-2010-1788
• CVE-2010-4197
• CVE-2010-3812
• CVE-2010-3813
• CVE-2010-3259
• CVE-2010-3255
• CVE-2010-3257
• CVE-2010-4198
• CVE-2010-3113
• CVE-2010-3116
• CVE-2010-3115
• CVE-2010-3114
• CVE-2010-3119
• CVE-2010-1814
• CVE-2010-1815
• CVE-2010-1812
• CVE-2010-1793
• CVE-2010-1792
• CVE-2010-1790
• CVE-2010-4206
• CVE-2010-4204
• CVE-2010-4577

References

• https://access.redhat.com/security/updates/classification/#moderate

Red Hat Enterprise Linux Server 6

SRPM
webkitgtk-1.2.6-2.el6_0.src.rpm	SHA-256: aa4882ce9c9edb46d91f71b52448b7fe3a336e7f7301b9af3ca10f610bc28a34
x86_64
webkitgtk-1.2.6-2.el6_0.i686.rpm	SHA-256: 4b1216fcf3fac0bb36e56bec539dff1c66a779d78c66424ff3dd39e220a6839f
webkitgtk-1.2.6-2.el6_0.x86_64.rpm	SHA-256: b8d804f77c48afee1139d3b05901a6923325f85b9f013768de2818d3a0a1e708
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 9ad4c2669573ada78525e29dd7728ce788e27e8f99c1e96b2b3f872b142122a2
webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 9ad4c2669573ada78525e29dd7728ce788e27e8f99c1e96b2b3f872b142122a2
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm	SHA-256: b18002529b00d1f61cce0d3f98e14f8f777934e700cb38e2d8ef10e5f235f4f4
webkitgtk-devel-1.2.6-2.el6_0.x86_64.rpm	SHA-256: bc81bb4f5e16b4257f362eb449a208fe1e9c938b564b5a589035f4e575b7af96
webkitgtk-doc-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 1bafee5dc398a2a90b494fd9e039dcad5acf0e63c1b13b852679658602c4c174
i386
webkitgtk-1.2.6-2.el6_0.i686.rpm	SHA-256: 4b1216fcf3fac0bb36e56bec539dff1c66a779d78c66424ff3dd39e220a6839f
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm	SHA-256: b18002529b00d1f61cce0d3f98e14f8f777934e700cb38e2d8ef10e5f235f4f4
webkitgtk-doc-1.2.6-2.el6_0.i686.rpm	SHA-256: 49a6ffee4f43fa3fda1737bd0bf17864499570e45b8f985bcf4e92a3994cde05

Red Hat Enterprise Linux Workstation 6

SRPM
webkitgtk-1.2.6-2.el6_0.src.rpm	SHA-256: aa4882ce9c9edb46d91f71b52448b7fe3a336e7f7301b9af3ca10f610bc28a34
x86_64
webkitgtk-1.2.6-2.el6_0.i686.rpm	SHA-256: 4b1216fcf3fac0bb36e56bec539dff1c66a779d78c66424ff3dd39e220a6839f
webkitgtk-1.2.6-2.el6_0.x86_64.rpm	SHA-256: b8d804f77c48afee1139d3b05901a6923325f85b9f013768de2818d3a0a1e708
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 9ad4c2669573ada78525e29dd7728ce788e27e8f99c1e96b2b3f872b142122a2
webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 9ad4c2669573ada78525e29dd7728ce788e27e8f99c1e96b2b3f872b142122a2
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm	SHA-256: b18002529b00d1f61cce0d3f98e14f8f777934e700cb38e2d8ef10e5f235f4f4
webkitgtk-devel-1.2.6-2.el6_0.x86_64.rpm	SHA-256: bc81bb4f5e16b4257f362eb449a208fe1e9c938b564b5a589035f4e575b7af96
webkitgtk-doc-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 1bafee5dc398a2a90b494fd9e039dcad5acf0e63c1b13b852679658602c4c174
i386
webkitgtk-1.2.6-2.el6_0.i686.rpm	SHA-256: 4b1216fcf3fac0bb36e56bec539dff1c66a779d78c66424ff3dd39e220a6839f
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm	SHA-256: b18002529b00d1f61cce0d3f98e14f8f777934e700cb38e2d8ef10e5f235f4f4
webkitgtk-doc-1.2.6-2.el6_0.i686.rpm	SHA-256: 49a6ffee4f43fa3fda1737bd0bf17864499570e45b8f985bcf4e92a3994cde05

Red Hat Enterprise Linux Desktop 6

SRPM
webkitgtk-1.2.6-2.el6_0.src.rpm	SHA-256: aa4882ce9c9edb46d91f71b52448b7fe3a336e7f7301b9af3ca10f610bc28a34
x86_64
webkitgtk-1.2.6-2.el6_0.i686.rpm	SHA-256: 4b1216fcf3fac0bb36e56bec539dff1c66a779d78c66424ff3dd39e220a6839f
webkitgtk-1.2.6-2.el6_0.x86_64.rpm	SHA-256: b8d804f77c48afee1139d3b05901a6923325f85b9f013768de2818d3a0a1e708
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 9ad4c2669573ada78525e29dd7728ce788e27e8f99c1e96b2b3f872b142122a2
webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 9ad4c2669573ada78525e29dd7728ce788e27e8f99c1e96b2b3f872b142122a2
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm	SHA-256: b18002529b00d1f61cce0d3f98e14f8f777934e700cb38e2d8ef10e5f235f4f4
webkitgtk-devel-1.2.6-2.el6_0.x86_64.rpm	SHA-256: bc81bb4f5e16b4257f362eb449a208fe1e9c938b564b5a589035f4e575b7af96
webkitgtk-doc-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 1bafee5dc398a2a90b494fd9e039dcad5acf0e63c1b13b852679658602c4c174
i386
webkitgtk-1.2.6-2.el6_0.i686.rpm	SHA-256: 4b1216fcf3fac0bb36e56bec539dff1c66a779d78c66424ff3dd39e220a6839f
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm	SHA-256: b18002529b00d1f61cce0d3f98e14f8f777934e700cb38e2d8ef10e5f235f4f4
webkitgtk-doc-1.2.6-2.el6_0.i686.rpm	SHA-256: 49a6ffee4f43fa3fda1737bd0bf17864499570e45b8f985bcf4e92a3994cde05

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
webkitgtk-1.2.6-2.el6_0.src.rpm	SHA-256: aa4882ce9c9edb46d91f71b52448b7fe3a336e7f7301b9af3ca10f610bc28a34
s390x
webkitgtk-1.2.6-2.el6_0.s390.rpm	SHA-256: 9b18820b085cc2486c9150619b7f99894fd84df581497fd2431bebeefd16f5c4
webkitgtk-1.2.6-2.el6_0.s390x.rpm	SHA-256: f710a0bf24674b34a380e779101cc90a5a4cc50fb213e5be00bcefee4689a845
webkitgtk-debuginfo-1.2.6-2.el6_0.s390.rpm	SHA-256: e0dd30c134d9c6c8e9ef250f79bb2c379d3c4e53e09d235e0795b3e6ca740032
webkitgtk-debuginfo-1.2.6-2.el6_0.s390.rpm	SHA-256: e0dd30c134d9c6c8e9ef250f79bb2c379d3c4e53e09d235e0795b3e6ca740032
webkitgtk-debuginfo-1.2.6-2.el6_0.s390x.rpm	SHA-256: 7b3078bc1c33d69ed496dbf1ba49e950eeeb64cb05c8e4c54605c78dc16445c8
webkitgtk-debuginfo-1.2.6-2.el6_0.s390x.rpm	SHA-256: 7b3078bc1c33d69ed496dbf1ba49e950eeeb64cb05c8e4c54605c78dc16445c8
webkitgtk-devel-1.2.6-2.el6_0.s390.rpm	SHA-256: bac1064d964436313fe4ae1c94ea89e1b9f31e8a5dde125ed49515e6dffd0053
webkitgtk-devel-1.2.6-2.el6_0.s390x.rpm	SHA-256: 8d6133d2358938df301bd061aed8af8056523a115c6a9d7c2f4e3a342f5f4121
webkitgtk-doc-1.2.6-2.el6_0.s390x.rpm	SHA-256: cb2e7a70e119b6c434672752c350ef61bf997c2fb8c6ad79fe2d382235b63506

Red Hat Enterprise Linux for Power, big endian 6

SRPM
webkitgtk-1.2.6-2.el6_0.src.rpm	SHA-256: aa4882ce9c9edb46d91f71b52448b7fe3a336e7f7301b9af3ca10f610bc28a34
ppc64
webkitgtk-1.2.6-2.el6_0.ppc.rpm	SHA-256: d1c77783c487d21a88def97cc2bd813d8ac91015322dc287fa0c1354f633efad
webkitgtk-1.2.6-2.el6_0.ppc64.rpm	SHA-256: 8eee3ce33c08dc1d747cdc54526033988c6e0526cdc58830d678907ed5eef0f7
webkitgtk-debuginfo-1.2.6-2.el6_0.ppc.rpm	SHA-256: bd0daea9b0c68d122df99e0c72af6c107ce73fe9c3b3a89864d77ffd961ab6d2
webkitgtk-debuginfo-1.2.6-2.el6_0.ppc.rpm	SHA-256: bd0daea9b0c68d122df99e0c72af6c107ce73fe9c3b3a89864d77ffd961ab6d2
webkitgtk-debuginfo-1.2.6-2.el6_0.ppc64.rpm	SHA-256: 010afb9343abf3822923eae808b72591bb8967e9e716488634fc69511e9f0c8c
webkitgtk-debuginfo-1.2.6-2.el6_0.ppc64.rpm	SHA-256: 010afb9343abf3822923eae808b72591bb8967e9e716488634fc69511e9f0c8c
webkitgtk-devel-1.2.6-2.el6_0.ppc.rpm	SHA-256: 8fd2c988d8eb0b87a27f574a44aa385ab675417b4a85415f2644775137314e5f
webkitgtk-devel-1.2.6-2.el6_0.ppc64.rpm	SHA-256: 894e620bf201f93b879e012a61819222ddf8a14645349449c7ce8913529b02de
webkitgtk-doc-1.2.6-2.el6_0.ppc64.rpm	SHA-256: e725b381ce4c0e27c294220ab89df3b22cec1b0bfb7474980951f69e9e870f1d

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
webkitgtk-1.2.6-2.el6_0.src.rpm	SHA-256: aa4882ce9c9edb46d91f71b52448b7fe3a336e7f7301b9af3ca10f610bc28a34
x86_64
webkitgtk-1.2.6-2.el6_0.i686.rpm	SHA-256: 4b1216fcf3fac0bb36e56bec539dff1c66a779d78c66424ff3dd39e220a6839f
webkitgtk-1.2.6-2.el6_0.x86_64.rpm	SHA-256: b8d804f77c48afee1139d3b05901a6923325f85b9f013768de2818d3a0a1e708
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 9ad4c2669573ada78525e29dd7728ce788e27e8f99c1e96b2b3f872b142122a2
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm	SHA-256: b18002529b00d1f61cce0d3f98e14f8f777934e700cb38e2d8ef10e5f235f4f4
webkitgtk-devel-1.2.6-2.el6_0.x86_64.rpm	SHA-256: bc81bb4f5e16b4257f362eb449a208fe1e9c938b564b5a589035f4e575b7af96
webkitgtk-doc-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 1bafee5dc398a2a90b494fd9e039dcad5acf0e63c1b13b852679658602c4c174

Red Hat Enterprise Linux Server from RHUI 6

SRPM
webkitgtk-1.2.6-2.el6_0.src.rpm	SHA-256: aa4882ce9c9edb46d91f71b52448b7fe3a336e7f7301b9af3ca10f610bc28a34
x86_64
webkitgtk-1.2.6-2.el6_0.i686.rpm	SHA-256: 4b1216fcf3fac0bb36e56bec539dff1c66a779d78c66424ff3dd39e220a6839f
webkitgtk-1.2.6-2.el6_0.x86_64.rpm	SHA-256: b8d804f77c48afee1139d3b05901a6923325f85b9f013768de2818d3a0a1e708
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 9ad4c2669573ada78525e29dd7728ce788e27e8f99c1e96b2b3f872b142122a2
webkitgtk-debuginfo-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 9ad4c2669573ada78525e29dd7728ce788e27e8f99c1e96b2b3f872b142122a2
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm	SHA-256: b18002529b00d1f61cce0d3f98e14f8f777934e700cb38e2d8ef10e5f235f4f4
webkitgtk-devel-1.2.6-2.el6_0.x86_64.rpm	SHA-256: bc81bb4f5e16b4257f362eb449a208fe1e9c938b564b5a589035f4e575b7af96
webkitgtk-doc-1.2.6-2.el6_0.x86_64.rpm	SHA-256: 1bafee5dc398a2a90b494fd9e039dcad5acf0e63c1b13b852679658602c4c174
i386
webkitgtk-1.2.6-2.el6_0.i686.rpm	SHA-256: 4b1216fcf3fac0bb36e56bec539dff1c66a779d78c66424ff3dd39e220a6839f
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-debuginfo-1.2.6-2.el6_0.i686.rpm	SHA-256: e3399c2ab0e97b2d4a91279e7ca20c367092e7077ae3ccac34eca513f9d58857
webkitgtk-devel-1.2.6-2.el6_0.i686.rpm	SHA-256: b18002529b00d1f61cce0d3f98e14f8f777934e700cb38e2d8ef10e5f235f4f4
webkitgtk-doc-1.2.6-2.el6_0.i686.rpm	SHA-256: 49a6ffee4f43fa3fda1737bd0bf17864499570e45b8f985bcf4e92a3994cde05