Описание
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | webkitgtk | Will not fix | ||
| Red Hat Enterprise Linux 7 | webkitgtk3 | Will not fix | ||
| Red Hat Enterprise Linux 8 | webkit2gtk3 | Not affected | ||
| Red Hat Enterprise Linux 7 | accountsservice | Fixed | RHSA-2018:3140 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | adwaita-icon-theme | Fixed | RHSA-2018:3140 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | appstream-data | Fixed | RHSA-2018:3140 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | atk | Fixed | RHSA-2018:3140 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | at-spi2-atk | Fixed | RHSA-2018:3140 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | at-spi2-core | Fixed | RHSA-2018:3140 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | baobab | Fixed | RHSA-2018:3140 | 30.10.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the li ...
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
EPSS
5.3 Medium
CVSS3