Jump to:

CVE-2018-11713

Jump to:

CVE-2018-11713

Package libsoup updated to version 2.62.2-alt0.M80P.1 for branch p8 in task 207745.

Published: 2018-06-04
Modified: 2024-11-21

CVE-2018-11713

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

https://bugs.webkit.org/show_bug.cgi?id=126384
https://bugs.webkit.org/show_bug.cgi?id=126384
GLSA-201808-04
GLSA-201808-04
https://trac.webkit.org/changeset/228088/webkit
https://trac.webkit.org/changeset/228088/webkit

Version: 2.1.0

Package libsoup update in p8 on 2018-06-10

ALT-PU-2018-1890-1

Closed vulnerabilities

CVE-2018-11713