Vulnerability CVE-2015-3659: Information

Description

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

Severity: MEDIUM (6.8)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-3659

Published: July 3, 2015

Modified: Dec. 28, 2016

Error type identifier: CWE-264

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
libwebkitgtk2	p10	2.4.11-alt1	2.4.11-alt13	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk2	p9	2.4.11-alt1	2.4.11-alt10	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk2	c10f1	2.4.11-alt1	2.4.11-alt13	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk2	c9f2	2.4.11-alt1	2.4.11-alt10	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk3	p10	2.4.10-alt1	2.4.11-alt12	ALT-PU-2016-1245-1	161352	Fixed
libwebkitgtk3	p9	2.4.10-alt1	2.4.11-alt9.1.p9	ALT-PU-2016-1245-1	161352	Fixed
libwebkitgtk3	c10f1	2.4.10-alt1	2.4.11-alt12	ALT-PU-2016-1245-1	161352	Fixed
libwebkitgtk3	c9f2	2.4.10-alt1	2.4.11-alt9.1.p9	ALT-PU-2016-1245-1	161352	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://support.apple.com/kb/HT204950	Vendor Advisory
APPLE-SA-2015-06-30-1	Vendor Advisory
APPLE-SA-2015-06-30-4	Vendor Advisory
http://support.apple.com/kb/HT204941	Vendor Advisory
75492
openSUSE-SU-2016:0915
USN-2937-1
1032754

Affected configurations:
1. Configuration 1
  cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
  End including
  10.10.3
  cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  End including
  8.3
  
  Configuration 2
  cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.6:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.6:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.5:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
  End including
  6.2.6
  cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0:*:*:*:*:*:*:*

Version: v24.5.0

Vulnerability CVE-2015-3659: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2