Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:1990-1

Опубликовано: 21 июл. 2020
Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

  • Update to version 2.28.3 (bsc#1173998):
    • Enable kinetic scrolling with async scrolling.
    • Fix web process hangs on large GitHub pages.
    • Bubblewrap sandbox should not attempt to bind empty paths.
    • Fix threading issues in the media player.
    • Fix several crashes and rendering issues.
    • Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.

Список пакетов

SUSE Linux Enterprise High Performance Computing 15-ESPOS
libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
libwebkit2gtk-4_0-37-2.28.3-3.57.2
libwebkit2gtk3-lang-2.28.3-3.57.2
webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
webkit2gtk3-devel-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-LTSS
libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
libwebkit2gtk-4_0-37-2.28.3-3.57.2
libwebkit2gtk3-lang-2.28.3-3.57.2
webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
webkit2gtk3-devel-2.28.3-3.57.2
SUSE Linux Enterprise Module for Basesystem 15 SP1
libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
libwebkit2gtk-4_0-37-2.28.3-3.57.2
libwebkit2gtk3-lang-2.28.3-3.57.2
webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
typelib-1_0-JavaScriptCore-4_0-2.28.3-3.57.2
typelib-1_0-WebKit2-4_0-2.28.3-3.57.2
typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.57.2
webkit2gtk3-devel-2.28.3-3.57.2
SUSE Linux Enterprise Server 15-LTSS
libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
libwebkit2gtk-4_0-37-2.28.3-3.57.2
libwebkit2gtk3-lang-2.28.3-3.57.2
webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
webkit2gtk3-devel-2.28.3-3.57.2
SUSE Linux Enterprise Server for SAP Applications 15
libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
libwebkit2gtk-4_0-37-2.28.3-3.57.2
libwebkit2gtk3-lang-2.28.3-3.57.2
webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
webkit2gtk3-devel-2.28.3-3.57.2

Ссылки

Описание

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk-4_0-37-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk3-lang-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
Ссылки

Описание

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk-4_0-37-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk3-lang-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
Ссылки

Описание

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk-4_0-37-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk3-lang-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
Ссылки

Описание

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk-4_0-37-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk3-lang-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
Ссылки

Описание

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk-4_0-37-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk3-lang-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
Ссылки

Описание

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk-4_0-37-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk3-lang-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
Ссылки

Описание

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk-4_0-37-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk3-lang-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
Ссылки

Описание

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libjavascriptcoregtk-4_0-18-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk-4_0-37-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libwebkit2gtk3-lang-2.28.3-3.57.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS:webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2
Ссылки
Уязвимость SUSE-SU-2020:1990-1