SUSE-SU-2020:2069-1

Опубликовано: 29 июл. 2020

Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Update to version 2.28.3 (bsc#1173998):
- Enable kinetic scrolling with async scrolling.
- Fix web process hangs on large GitHub pages.
- Bubblewrap sandbox should not attempt to bind empty paths.
- Fix threading issues in the media player.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.

Список пакетов

HPE Helion OpenStack 8

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

SUSE Enterprise Storage 5

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

SUSE Linux Enterprise Server 12 SP2-BCL

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

webkit2gtk3-devel-2.28.3-2.56.1

SUSE Linux Enterprise Server 12 SP2-LTSS

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

webkit2gtk3-devel-2.28.3-2.56.1

SUSE Linux Enterprise Server 12 SP3-BCL

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

SUSE Linux Enterprise Server 12 SP3-LTSS

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

SUSE Linux Enterprise Server 12 SP4-LTSS

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

SUSE Linux Enterprise Server 12 SP5

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

webkit2gtk3-devel-2.28.3-2.56.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

SUSE Linux Enterprise Software Development Kit 12 SP5

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk3-devel-2.28.3-2.56.1

SUSE OpenStack Cloud 7

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

webkit2gtk3-devel-2.28.3-2.56.1

SUSE OpenStack Cloud 8

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

SUSE OpenStack Cloud 9

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

SUSE OpenStack Cloud Crowbar 8

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

SUSE OpenStack Cloud Crowbar 9

libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

libwebkit2gtk-4_0-37-2.28.3-2.56.1

libwebkit2gtk3-lang-2.28.3-2.56.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2-4_0-2.28.3-2.56.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1

webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20202069-1/
Link for SUSE-SU-2020:2069-1
https://lists.suse.com/pipermail/sle-security-updates/2020-July/007191.html
E-Mail link for SUSE-SU-2020:2069-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1173998
SUSE Bug 1173998
https://www.suse.com/security/cve/CVE-2020-13753/
SUSE CVE CVE-2020-13753 page
https://www.suse.com/security/cve/CVE-2020-9802/
SUSE CVE CVE-2020-9802 page
https://www.suse.com/security/cve/CVE-2020-9803/
SUSE CVE CVE-2020-9803 page
https://www.suse.com/security/cve/CVE-2020-9805/
SUSE CVE CVE-2020-9805 page
https://www.suse.com/security/cve/CVE-2020-9806/
SUSE CVE CVE-2020-9806 page
https://www.suse.com/security/cve/CVE-2020-9807/
SUSE CVE CVE-2020-9807 page
https://www.suse.com/security/cve/CVE-2020-9843/
SUSE CVE CVE-2020-9843 page
https://www.suse.com/security/cve/CVE-2020-9850/
SUSE CVE CVE-2020-9850 page

Описание

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

Затронутые продукты

HPE Helion OpenStack 8:libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk-4_0-37-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk3-lang-2.28.3-2.56.1

HPE Helion OpenStack 8:typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-13753.html
CVE-2020-13753
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

HPE Helion OpenStack 8:libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk-4_0-37-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk3-lang-2.28.3-2.56.1

HPE Helion OpenStack 8:typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9802.html
CVE-2020-9802
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

HPE Helion OpenStack 8:libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk-4_0-37-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk3-lang-2.28.3-2.56.1

HPE Helion OpenStack 8:typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9803.html
CVE-2020-9803
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

Затронутые продукты

HPE Helion OpenStack 8:libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk-4_0-37-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk3-lang-2.28.3-2.56.1

HPE Helion OpenStack 8:typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9805.html
CVE-2020-9805
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

HPE Helion OpenStack 8:libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk-4_0-37-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk3-lang-2.28.3-2.56.1

HPE Helion OpenStack 8:typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9806.html
CVE-2020-9806
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

Затронутые продукты

HPE Helion OpenStack 8:libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk-4_0-37-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk3-lang-2.28.3-2.56.1

HPE Helion OpenStack 8:typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9807.html
CVE-2020-9807
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.

Затронутые продукты

HPE Helion OpenStack 8:libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk-4_0-37-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk3-lang-2.28.3-2.56.1

HPE Helion OpenStack 8:typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9843.html
CVE-2020-9843
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.

Затронутые продукты

HPE Helion OpenStack 8:libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk-4_0-37-2.28.3-2.56.1

HPE Helion OpenStack 8:libwebkit2gtk3-lang-2.28.3-2.56.1

HPE Helion OpenStack 8:typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9850.html
CVE-2020-9850
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

SUSE-SU-2020:2069-1

Описание

Список пакетов

HPE Helion OpenStack 8

SUSE Enterprise Storage 5

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server 12 SP4-LTSS

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE OpenStack Cloud 7

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud Crowbar 9

Ссылки

Уязвимость: CVE-2020-13753

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9802

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9803

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9805

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9806

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9807

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9843

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9850

Описание

Затронутые продукты

Ссылки