SB2016082504 - Fedora 24 update for webkitgtk4
Published: August 25, 2016 Updated: April 24, 2025
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2016-4622)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.
2) Buffer overflow (CVE-ID: CVE-2016-4624)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.
3) Improper access control (CVE-ID: CVE-2016-4591)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
4) Spoofing attack (CVE-ID: CVE-2016-4590)
The vulnerability allows a remote attacker to perform a spoofing attack. The vulnerability exists due to a flaw in the parsing of 'about:' URLs. A remote unauthenticated attacker can create a specially crafted web site to exploit this vulnerability and spoof user interface elements.
Successful exploitation of this vulnerability may result in disclosure of user information.
Remediation
Install update from vendor's website.