Описание
Security update for webkit2gtk3
This update for webkit2gtk3 to version 2.28.1 fixes the following issues:
Security issues fixed:
- CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528).
- CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658).
Non-security issues fixed:
- Add API to enable Process Swap on (Cross-site) Navigation.
- Add user messages API for the communication with the web extension.
- Add support for same-site cookies.
- Service workers are enabled by default.
- Add support for Pointer Lock API.
- Add flatpak sandbox support.
- Make ondemand hardware acceleration policy never leave accelerated compositing mode.
- Always use a light theme for rendering form controls.
- Add about:gpu to show information about the graphics stack.
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libjavascriptcoregtk-4_0-18-2.28.1-3.49.2
libwebkit2gtk-4_0-37-2.28.1-3.49.2
libwebkit2gtk3-lang-2.28.1-3.49.2
webkit2gtk-4_0-injected-bundles-2.28.1-3.49.2
webkit2gtk3-devel-2.28.1-3.49.2
SUSE Linux Enterprise High Performance Computing 15-LTSS
libjavascriptcoregtk-4_0-18-2.28.1-3.49.2
libwebkit2gtk-4_0-37-2.28.1-3.49.2
libwebkit2gtk3-lang-2.28.1-3.49.2
webkit2gtk-4_0-injected-bundles-2.28.1-3.49.2
webkit2gtk3-devel-2.28.1-3.49.2
SUSE Linux Enterprise Module for Basesystem 15 SP1
libjavascriptcoregtk-4_0-18-2.28.1-3.49.2
libwebkit2gtk-4_0-37-2.28.1-3.49.2
libwebkit2gtk3-lang-2.28.1-3.49.2
webkit2gtk-4_0-injected-bundles-2.28.1-3.49.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
typelib-1_0-JavaScriptCore-4_0-2.28.1-3.49.2
typelib-1_0-WebKit2-4_0-2.28.1-3.49.2
typelib-1_0-WebKit2WebExtension-4_0-2.28.1-3.49.2
webkit2gtk3-devel-2.28.1-3.49.2
SUSE Linux Enterprise Server 15-LTSS
libjavascriptcoregtk-4_0-18-2.28.1-3.49.2
libwebkit2gtk-4_0-37-2.28.1-3.49.2
libwebkit2gtk3-lang-2.28.1-3.49.2
webkit2gtk-4_0-injected-bundles-2.28.1-3.49.2
webkit2gtk3-devel-2.28.1-3.49.2
SUSE Linux Enterprise Server for SAP Applications 15
libjavascriptcoregtk-4_0-18-2.28.1-3.49.2
libwebkit2gtk-4_0-37-2.28.1-3.49.2
libwebkit2gtk3-lang-2.28.1-3.49.2
webkit2gtk-4_0-injected-bundles-2.28.1-3.49.2
webkit2gtk3-devel-2.28.1-3.49.2
Ссылки
- Link for SUSE-SU-2020:1109-1
- E-Mail link for SUSE-SU-2020:1109-1
- SUSE Security Ratings
- SUSE Bug 1165528
- SUSE Bug 1169658
- SUSE CVE CVE-2020-10018 page
- SUSE CVE CVE-2020-11793 page
Описание
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libjavascriptcoregtk-4_0-18-2.28.1-3.49.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk-4_0-37-2.28.1-3.49.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk3-lang-2.28.1-3.49.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:webkit2gtk-4_0-injected-bundles-2.28.1-3.49.2
Ссылки
- CVE-2020-10018
- SUSE Bug 1165528
Описание
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libjavascriptcoregtk-4_0-18-2.28.1-3.49.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk-4_0-37-2.28.1-3.49.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk3-lang-2.28.1-3.49.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:webkit2gtk-4_0-injected-bundles-2.28.1-3.49.2
Ссылки
- CVE-2020-11793
- SUSE Bug 1169658