Fedora 13 : webkitgtk-1.2.6-1.fc13 (2011-0121)

high Nessus Plugin ID 51444

Synopsis

The remote Fedora host is missing a security update.

Description

- New stable release, API and ABI compatible with previous 1.2.x versions

- Fixes crashes with newer libpng (>= 1.4)

- The patches to fix the following CVEs are included with help from Huzaifa Sidhpurwala <huzaifas at redhat.com> from the Red Hat security team

CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206 CVE-2010-1791 CVE-2010-3812 CVE-2010-3813 CVE-2010-4577

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected webkitgtk package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=656115

https://bugzilla.redhat.com/show_bug.cgi?id=656118

https://bugzilla.redhat.com/show_bug.cgi?id=656126

https://bugzilla.redhat.com/show_bug.cgi?id=656129

https://bugzilla.redhat.com/show_bug.cgi?id=667022

https://bugzilla.redhat.com/show_bug.cgi?id=667024

https://bugzilla.redhat.com/show_bug.cgi?id=667025

http://www.nessus.org/u?f6d3c2f0

Plugin Details

Severity: High

ID: 51444

File Name: fedora_2011-0121.nasl

Version: 1.14

Type: local

Agent: unix

Published: 1/10/2011

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:webkitgtk, cpe:/o:fedoraproject:fedora:13

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/4/2011

Reference Information

CVE: CVE-2010-3812, CVE-2010-3813, CVE-2010-4197, CVE-2010-4198, CVE-2010-4204, CVE-2010-4206, CVE-2010-4577

BID: 44954, 44960

FEDORA: 2011-0121