CVE-2016-10226

Priority
Medium
Description
JavaScriptCore in WebKit, as distributed in Safari Technology Preview
Release 18, allows remote attackers to cause a denial of service (bitfield
out-of-bounds read and application crash) via crafted JavaScript code that
is mishandled in the operatorString function, related to
assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and
wasm/WasmB3IRGenerator.cpp.
References
Bugs
Notes
 jdstrand> webkit receives limited support. For details, see
 https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit
 jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [see notes])
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Patches:
Upstream:https://trac.webkit.org/changeset/209295
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 17.04 (Zesty Zapus):needs-triage
Patches:
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 17.04 (Zesty Zapus):not-affected
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 17.04 (Zesty Zapus):not-affected
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [see notes])
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 17.04 (Zesty Zapus):needs-triage
More Information

Updated: 2017-08-11 23:19:36 UTC (commit 13081)