CVE-2018-4209
Published: 28 September 2018
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
Priority
CVSS 3 base score: 8.8
Status
Package | Release | Status |
---|---|---|
qtwebkit Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
qtwebkit-opensource-src Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
cosmic |
Ignored
(reached end-of-life)
|
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Needs triage
|
|
jammy |
Needs triage
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
qtwebkit-source Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
cosmic |
Ignored
(reached end-of-life)
|
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
webkit2gtk Launchpad, Ubuntu, Debian |
bionic |
Released
(2.22.2-0ubuntu0.18.04.1)
|
cosmic |
Released
(2.22.2-1ubuntu1)
|
|
disco |
Released
(2.22.2-1ubuntu1)
|
|
eoan |
Released
(2.22.2-1ubuntu1)
|
|
focal |
Released
(2.22.2-1ubuntu1)
|
|
groovy |
Released
(2.22.2-1ubuntu1)
|
|
hirsute |
Released
(2.22.2-1ubuntu1)
|
|
impish |
Released
(2.22.2-1ubuntu1)
|
|
jammy |
Released
(2.22.2-1ubuntu1)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.22.0)
|
|
xenial |
Deferred
|
|
webkitgtk Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
cosmic |
Ignored
(reached end-of-life)
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
Notes
Author | Note |
---|---|
jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4209
- https://www.openwall.com/lists/oss-security/2018/09/29/1
- https://webkitgtk.org/security/WSA-2018-0007.html
- https://ubuntu.com/security/notices/USN-3781-1
- NVD
- Launchpad
- Debian