CVE-2010-3116

Upstream information

CVE-2010-3116 at MITRE

Description

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entry: 601349 [RESOLVED]

SUSE Security Advisories:

SUSE-SR:2011:002, published Tue, 25 Jan 2011 11:00:00 +0000
openSUSE-SU-2011:0024-1, published Wed, 12 Jan 2011 16:08:25 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.2	`libwebkit-1_0-2-debuginfo >= 1.2.6-0.5.1` `libwebkit-debugsource >= 1.2.6-0.5.1` `webkit-jsc-debuginfo >= 1.2.6-0.5.1`
openSUSE 11.2	`libwebkit-1_0-2 >= 1.2.6-0.5.1` `libwebkit-devel >= 1.2.6-0.5.1` `libwebkit-lang >= 1.2.6-0.5.1` `webkit-jsc >= 1.2.6-0.5.1`
openSUSE 11.3	`libwebkit-1_0-2-debuginfo >= 1.2.6-0.2.1` `libwebkit-1_0-2-debuginfo-32bit >= 1.2.6-0.2.1` `libwebkit-debugsource >= 1.2.6-0.2.1` `webkit-jsc-debuginfo >= 1.2.6-0.2.1`
openSUSE 11.3	`libwebkit-1_0-2 >= 1.2.6-0.2.1` `libwebkit-1_0-2-32bit >= 1.2.6-0.2.1` `libwebkit-devel >= 1.2.6-0.2.1` `libwebkit-lang >= 1.2.6-0.2.1` `webkit-jsc >= 1.2.6-0.2.1`