Описание
Security update for webkit2gtk3
This update for webkit2gtk3 to version 2.26.4 fixes the following issues:
Security issues fixed:
- CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).
- CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).
- CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).
- CVE-2020-3862: Fixed a memory handling issue (bsc#1163809).
- CVE-2020-3864: Fixed a logic issue in the DOM object context handling (bsc#1163809).
- CVE-2020-3865: Fixed a logic issue in the DOM object context handling (bsc#1163809).
- CVE-2020-3867: Fixed an XSS issue (bsc#1163809).
- CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809).
Non-security issues fixed:
- Fixed issues while trying to play a video on NextCloud.
- Fixed vertical alignment of text containing arabic diacritics.
- Fixed build with icu 65.1.
- Fixed page loading errors with websites using HSTS.
- Fixed web process crash when displaying a KaTeX formula.
- Fixed several crashes and rendering issues.
- Switched to a single web process for Evolution and geary (bsc#1159329 glgo#GNOME/evolution#587).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Desktop Applications 15
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
Ссылки
- Link for SUSE-SU-2020:0468-1
- E-Mail link for SUSE-SU-2020:0468-1
- SUSE Security Ratings
- SUSE Bug 1159329
- SUSE Bug 1161719
- SUSE Bug 1163809
- SUSE CVE CVE-2019-8835 page
- SUSE CVE CVE-2019-8844 page
- SUSE CVE CVE-2019-8846 page
- SUSE CVE CVE-2020-3862 page
- SUSE CVE CVE-2020-3864 page
- SUSE CVE CVE-2020-3865 page
- SUSE CVE CVE-2020-3867 page
- SUSE CVE CVE-2020-3868 page
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8835
- SUSE Bug 1161719
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8844
- SUSE Bug 1161719
Описание
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8846
- SUSE Bug 1161719
Описание
A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2020-3862
- SUSE Bug 1163809
Описание
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
Затронутые продукты
Ссылки
- CVE-2020-3864
- SUSE Bug 1163809
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2020-3865
- SUSE Bug 1163809
Описание
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.
Затронутые продукты
Ссылки
- CVE-2020-3867
- SUSE Bug 1163809
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2020-3868
- SUSE Bug 1163809