Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Security issue fixed:
- CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643).
Non-security issues fixed:
- Update to version 2.28.2 (bsc#1170643):
- Fix excessive CPU usage due to GdkFrameClock not being stopped.
- Fix UI process crash when EGL_WL_bind_wayland_display extension is not available.
- Fix position of select popup menus in X11.
- Fix playing of Youtube 'live stream'/H264 URLs.
- Fix a crash under X11 when cairo uses xcb.
- Fix several crashes and rendering issues.
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libjavascriptcoregtk-4_0-18-2.28.2-3.54.1
libwebkit2gtk-4_0-37-2.28.2-3.54.1
libwebkit2gtk3-lang-2.28.2-3.54.1
webkit2gtk-4_0-injected-bundles-2.28.2-3.54.1
webkit2gtk3-devel-2.28.2-3.54.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libjavascriptcoregtk-4_0-18-2.28.2-3.54.1
libwebkit2gtk-4_0-37-2.28.2-3.54.1
libwebkit2gtk3-lang-2.28.2-3.54.1
webkit2gtk-4_0-injected-bundles-2.28.2-3.54.1
webkit2gtk3-devel-2.28.2-3.54.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
libjavascriptcoregtk-4_0-18-2.28.2-3.54.1
libwebkit2gtk-4_0-37-2.28.2-3.54.1
libwebkit2gtk3-lang-2.28.2-3.54.1
webkit2gtk-4_0-injected-bundles-2.28.2-3.54.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
typelib-1_0-JavaScriptCore-4_0-2.28.2-3.54.1
typelib-1_0-WebKit2-4_0-2.28.2-3.54.1
typelib-1_0-WebKit2WebExtension-4_0-2.28.2-3.54.1
webkit2gtk3-devel-2.28.2-3.54.1
SUSE Linux Enterprise Server 15-LTSS
libjavascriptcoregtk-4_0-18-2.28.2-3.54.1
libwebkit2gtk-4_0-37-2.28.2-3.54.1
libwebkit2gtk3-lang-2.28.2-3.54.1
webkit2gtk-4_0-injected-bundles-2.28.2-3.54.1
webkit2gtk3-devel-2.28.2-3.54.1
SUSE Linux Enterprise Server for SAP Applications 15
libjavascriptcoregtk-4_0-18-2.28.2-3.54.1
libwebkit2gtk-4_0-37-2.28.2-3.54.1
libwebkit2gtk3-lang-2.28.2-3.54.1
webkit2gtk-4_0-injected-bundles-2.28.2-3.54.1
webkit2gtk3-devel-2.28.2-3.54.1
Ссылки
- Link for SUSE-SU-2020:1198-1
- E-Mail link for SUSE-SU-2020:1198-1
- SUSE Security Ratings
- SUSE Bug 1170643
- SUSE CVE CVE-2020-3899 page
Описание
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libjavascriptcoregtk-4_0-18-2.28.2-3.54.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk-4_0-37-2.28.2-3.54.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk3-lang-2.28.2-3.54.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:webkit2gtk-4_0-injected-bundles-2.28.2-3.54.1
Ссылки
- CVE-2020-3899
- SUSE Bug 1170643