SUSE-SU-2020:1211-1

Опубликовано: 07 мая 2020

Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Security issue fixed:

CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643).

Non-security issues fixed:

Update to version 2.28.2 (bsc#1170643):
- Fix excessive CPU usage due to GdkFrameClock not being stopped.
- Fix UI process crash when EGL_WL_bind_wayland_display extension is not available.
- Fix position of select popup menus in X11.
- Fix playing of Youtube 'live stream'/H264 URLs.
- Fix a crash under X11 when cairo uses xcb.
- Fix the build in MIPS64.
- Fix several crashes and rendering issues.

Список пакетов

HPE Helion OpenStack 8

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

SUSE Enterprise Storage 5

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

SUSE Linux Enterprise Server 12 SP2-BCL

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2WebExtension-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

webkit2gtk3-devel-2.28.2-2.53.2

SUSE Linux Enterprise Server 12 SP2-LTSS

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2WebExtension-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

webkit2gtk3-devel-2.28.2-2.53.2

SUSE Linux Enterprise Server 12 SP3-BCL

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

SUSE Linux Enterprise Server 12 SP3-LTSS

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

SUSE Linux Enterprise Server 12 SP4

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

SUSE Linux Enterprise Server 12 SP5

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2WebExtension-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

SUSE Linux Enterprise Server for SAP Applications 12 SP2

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2WebExtension-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

webkit2gtk3-devel-2.28.2-2.53.2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2WebExtension-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

SUSE Linux Enterprise Software Development Kit 12 SP4

typelib-1_0-WebKit2WebExtension-4_0-2.28.2-2.53.2

webkit2gtk3-devel-2.28.2-2.53.2

SUSE Linux Enterprise Software Development Kit 12 SP5

typelib-1_0-WebKit2WebExtension-4_0-2.28.2-2.53.2

webkit2gtk3-devel-2.28.2-2.53.2

SUSE Linux Enterprise Workstation Extension 12 SP4

libwebkit2gtk3-lang-2.28.2-2.53.2

SUSE OpenStack Cloud 7

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2WebExtension-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

webkit2gtk3-devel-2.28.2-2.53.2

SUSE OpenStack Cloud 8

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

SUSE OpenStack Cloud Crowbar 8

libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

libwebkit2gtk-4_0-37-2.28.2-2.53.2

libwebkit2gtk3-lang-2.28.2-2.53.2

typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

typelib-1_0-WebKit2-4_0-2.28.2-2.53.2

webkit2gtk-4_0-injected-bundles-2.28.2-2.53.2

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201211-1/
Link for SUSE-SU-2020:1211-1
https://lists.suse.com/pipermail/sle-security-updates/2020-May/006800.html
E-Mail link for SUSE-SU-2020:1211-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1170643
SUSE Bug 1170643
https://www.suse.com/security/cve/CVE-2020-3899/
SUSE CVE CVE-2020-3899 page

Описание

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

Затронутые продукты

HPE Helion OpenStack 8:libjavascriptcoregtk-4_0-18-2.28.2-2.53.2

HPE Helion OpenStack 8:libwebkit2gtk-4_0-37-2.28.2-2.53.2

HPE Helion OpenStack 8:libwebkit2gtk3-lang-2.28.2-2.53.2

HPE Helion OpenStack 8:typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-3899.html
CVE-2020-3899
https://bugzilla.suse.com/1170643
SUSE Bug 1170643

SUSE-SU-2020:1211-1

Описание

Список пакетов

HPE Helion OpenStack 8

SUSE Enterprise Storage 5

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE Linux Enterprise Workstation Extension 12 SP4

SUSE OpenStack Cloud 7

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud Crowbar 8

Ссылки

Уязвимость: CVE-2020-3899

Описание

Затронутые продукты

Ссылки