CVE-2017-2367
Published: 01 April 2017
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Priority
Medium
CVSS 3 base score: 6.5
Status
| Package | Release | Status |
|---|---|---|
|
qtwebkit Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
qtwebkit-opensource-src Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Needs triage
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needs triage
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needs triage
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Needs triage
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
qtwebkit-source Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(end of standard support, was needs-triage)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
|
|
webkit Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
webkit2gtk Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.14.6)
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(2.16.1-1)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(2.16.1-1)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(2.16.1-1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(2.16.1-1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(2.16.1-0ubuntu0.16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
webkitgtk Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(end of standard support, was needs-triage)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was needs-triage)
|
Notes
| Author | Note |
|---|---|
| jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |