Description
Security update for webkit2gtk3
This update for webkit2gtk3 to version 2.28.1 fixes the following issues:
Security issues fixed:
- CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528).
- CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658).
- CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).
- CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).
- CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).
- CVE-2020-3862: Fixed a memory handling issue (bsc#1163809).
- CVE-2020-3867: Fixed an XSS issue (bsc#1163809).
- CVE-2020-3868: Fixed multiple memory corruption issues that could have led to arbitrary code execution (bsc#1163809).
- CVE-2020-3864, CVE-2020-3865: Fixed logic issues in the DOM object context handling (bsc#1163809).
Non-security issues fixed:
- Add API to enable Process Swap on (Cross-site) Navigation.
- Add user messages API for the communication with the web extension.
- Add support for same-site cookies.
- Service workers are enabled by default.
- Add support for Pointer Lock API.
- Add flatpak sandbox support.
- Make ondemand hardware acceleration policy never leave accelerated compositing mode.
- Always use a light theme for rendering form controls.
- Add about:gpu to show information about the graphics stack.
- Fixed issues while trying to play a video on NextCloud.
- Fixed vertical alignment of text containing Arabic diacritics.
- Fixed build with icu 65.1.
- Fixed page loading errors with websites using HSTS.
- Fixed web process crash when displaying a KaTeX formula.
- Fixed several crashes and rendering issues.
- Switched to a single web process for Evolution and geary (bsc#1159329).
Package list
HPE Helion OpenStack 8
SUSE Enterprise Storage 5
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
References
- Link for SUSE-SU-2020:1135-1
- E-Mail link for SUSE-SU-2020:1135-1
- SUSE Security Ratings
- SUSE Bug 1155321
- SUSE Bug 1156318
- SUSE Bug 1159329
- SUSE Bug 1161719
- SUSE Bug 1163809
- SUSE Bug 1165528
- SUSE Bug 1169658
- SUSE CVE CVE-2019-8625 page
- SUSE CVE CVE-2019-8710 page
- SUSE CVE CVE-2019-8720 page
- SUSE CVE CVE-2019-8743 page
- SUSE CVE CVE-2019-8764 page
- SUSE CVE CVE-2019-8766 page
- SUSE CVE CVE-2019-8769 page
- SUSE CVE CVE-2019-8771 page
- SUSE CVE CVE-2019-8782 page
- SUSE CVE CVE-2019-8783 page
Description
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.
Affected products
References
- CVE-2019-8625
- SUSE Bug 1155321
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8710
- SUSE Bug 1156318
Description
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
Affected products
References
- CVE-2019-8720
- SUSE Bug 1155321
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8743
- SUSE Bug 1156318
Description
A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.
Affected products
References
- CVE-2019-8764
- SUSE Bug 1156318
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8766
- SUSE Bug 1156318
Description
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.
Affected products
References
- CVE-2019-8769
- SUSE Bug 1155321
Description
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.
Affected products
References
- CVE-2019-8771
- SUSE Bug 1155321
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8782
- SUSE Bug 1156318
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8783
- SUSE Bug 1156318
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8808
- SUSE Bug 1156318
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8811
- SUSE Bug 1156318
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8812
- SUSE Bug 1156318
Description
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.
Affected products
References
- CVE-2019-8813
- SUSE Bug 1156318
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8814
- SUSE Bug 1156318
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8815
- SUSE Bug 1156318
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8816
- SUSE Bug 1156318
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8819
- SUSE Bug 1156318
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8820
- SUSE Bug 1156318
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8823
- SUSE Bug 1156318
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8835
- SUSE Bug 1161719
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8844
- SUSE Bug 1161719
Description
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2019-8846
- SUSE Bug 1161719
Description
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contain a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
Affected products
References
- CVE-2020-10018
- SUSE Bug 1165528
Description
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
Affected products
References
- CVE-2020-11793
- SUSE Bug 1169658
Description
A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service.
Affected products
References
- CVE-2020-3862
- SUSE Bug 1163809
Description
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
Affected products
References
- CVE-2020-3864
- SUSE Bug 1163809
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2020-3865
- SUSE Bug 1163809
Description
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.
Affected products
References
- CVE-2020-3867
- SUSE Bug 1163809
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected products
References
- CVE-2020-3868
- SUSE Bug 1163809