CVE-2018-4299
Published: 28 September 2018
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Priority
CVSS 3 base score: 8.8
Status
Package | Release | Status |
---|---|---|
qtwebkit Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
qtwebkit-opensource-src Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
cosmic |
Ignored
(reached end-of-life)
|
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Needs triage
|
|
jammy |
Needs triage
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
qtwebkit-source Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
cosmic |
Ignored
(reached end-of-life)
|
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
webkit2gtk Launchpad, Ubuntu, Debian |
bionic |
Released
(2.22.2-0ubuntu0.18.04.1)
|
cosmic |
Released
(2.22.2-1ubuntu1)
|
|
disco |
Released
(2.22.2-1ubuntu1)
|
|
eoan |
Released
(2.22.2-1ubuntu1)
|
|
focal |
Released
(2.22.2-1ubuntu1)
|
|
groovy |
Released
(2.22.2-1ubuntu1)
|
|
hirsute |
Released
(2.22.2-1ubuntu1)
|
|
impish |
Released
(2.22.2-1ubuntu1)
|
|
jammy |
Released
(2.22.2-1ubuntu1)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.22.0)
|
|
xenial |
Deferred
|
|
webkitgtk Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
cosmic |
Ignored
(reached end-of-life)
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
Notes
Author | Note |
---|---|
jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4299
- https://www.openwall.com/lists/oss-security/2018/09/29/1
- https://webkitgtk.org/security/WSA-2018-0007.html
- https://ubuntu.com/security/notices/USN-3781-1
- NVD
- Launchpad
- Debian