Description
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Security issue fixed:
- CVE-2019-8375: Fixed an issue in the UIProcess subsystem which could allow the script dialog size to exceed the web view size, leading to a buffer overflow or other unspecified impact (bsc#1126768).
Package list
SUSE Linux Enterprise Desktop 12 SP3
libjavascriptcoregtk-4_0-18-2.24.0-2.38.2
libwebkit2gtk-4_0-37-2.24.0-2.38.2
libwebkit2gtk3-lang-2.24.0-2.38.2
typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2
typelib-1_0-WebKit2-4_0-2.24.0-2.38.2
webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2
SUSE Linux Enterprise Desktop 12 SP4
libjavascriptcoregtk-4_0-18-2.24.0-2.38.2
libwebkit2gtk-4_0-37-2.24.0-2.38.2
libwebkit2gtk3-lang-2.24.0-2.38.2
typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2
typelib-1_0-WebKit2-4_0-2.24.0-2.38.2
webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2
SUSE Linux Enterprise Server 12 SP3
libjavascriptcoregtk-4_0-18-2.24.0-2.38.2
libwebkit2gtk-4_0-37-2.24.0-2.38.2
typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2
typelib-1_0-WebKit2-4_0-2.24.0-2.38.2
webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2
SUSE Linux Enterprise Server 12 SP4
libjavascriptcoregtk-4_0-18-2.24.0-2.38.2
libwebkit2gtk-4_0-37-2.24.0-2.38.2
typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2
typelib-1_0-WebKit2-4_0-2.24.0-2.38.2
webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libjavascriptcoregtk-4_0-18-2.24.0-2.38.2
libwebkit2gtk-4_0-37-2.24.0-2.38.2
typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2
typelib-1_0-WebKit2-4_0-2.24.0-2.38.2
webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libjavascriptcoregtk-4_0-18-2.24.0-2.38.2
libwebkit2gtk-4_0-37-2.24.0-2.38.2
typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2
typelib-1_0-WebKit2-4_0-2.24.0-2.38.2
webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2
SUSE Linux Enterprise Software Development Kit 12 SP3
typelib-1_0-WebKit2WebExtension-4_0-2.24.0-2.38.2
webkit2gtk3-devel-2.24.0-2.38.2
SUSE Linux Enterprise Software Development Kit 12 SP4
typelib-1_0-WebKit2WebExtension-4_0-2.24.0-2.38.2
webkit2gtk3-devel-2.24.0-2.38.2
SUSE Linux Enterprise Workstation Extension 12 SP3
libwebkit2gtk3-lang-2.24.0-2.38.2
SUSE Linux Enterprise Workstation Extension 12 SP4
libwebkit2gtk3-lang-2.24.0-2.38.2
References
- Link for SUSE-SU-2019:1030-1
- E-Mail link for SUSE-SU-2019:1030-1
- SUSE Security Ratings
- SUSE Bug 1126768
- SUSE CVE CVE-2019-8375 page
Description
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
Affected products
SUSE Linux Enterprise Desktop 12 SP3:libjavascriptcoregtk-4_0-18-2.24.0-2.38.2
SUSE Linux Enterprise Desktop 12 SP3:libwebkit2gtk-4_0-37-2.24.0-2.38.2
SUSE Linux Enterprise Desktop 12 SP3:libwebkit2gtk3-lang-2.24.0-2.38.2
SUSE Linux Enterprise Desktop 12 SP3:typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2
References
- CVE-2019-8375
- SUSE Bug 1126768