Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.10.7:
- Fix the build with GTK+ < 3.16.
- Changes from version 2.10.6:
- Fix a deadlock in the Web Process when JavaScript garbage collector was running for a web worker thread that made google maps to hang.
- Fix media controls displaying without controls attribute.
- Fix a Web Process crash when quickly attempting many DnD operations.
- Changes from version 2.10.5:
- Disable DNS prefetch when a proxy is configured.
- Reduce the maximum simultaneous network connections to match other browsers.
- Make WebKitWebView always propagate motion-notify-event signal.
- Add a way to force accelerating compositing mode at runtime using an environment variable.
- Fix input elements and scrollbars rendering with GTK+ 3.19.
- Fix rendering of lines when using solid colors.
- Fix UI process crashes related to not having a main resource response when the load is committed for pages restored from the history cache.
- Fix a WebProcess crash when loading large contents with custom URI schemes API.
- Fix a crash in the UI process when the WebView is destroyed while the screensaver DBus proxy is being created.
- Fix WebProcess crashes due to BadDrawable X errors in accelerated compositing mode.
- Fix crashes on PPC64 due to mprotect() on address not aligned to the page size.
- Fix std::bad_function_call exception raised in dispatchDecidePolicyForNavigationAction.
- Fix downloads of data URLs.
- Fix runtime critical warnings when closing a page containing windowed plugins.
- Fix several crashes and rendering issues.
- Translation updates: French, German, Italian, Turkish.
- Security fixes: CVE-2015-7096, CVE-2015-7098.
- Update to version 2.10.4, notable changes:
- New HTTP disk cache for the Network Process.
- New Web Inspector UI.
- Automatic ScreenServer inhibition when playing fullscreen videos.
- Initial Editor API.
- Performance improvements.
- This update addresses the following security issues: CVE-2015-1122, CVE-2015-1152, CVE-2015-1155, CVE-2015-3660, CVE-2015-3730, CVE-2015-3738, CVE-2015-3740, CVE-2015-3742, CVE-2015-3744, CVE-2015-3746, CVE-2015-3750, CVE-2015-3751, CVE-2015-3754, CVE-2015-3755, CVE-2015-5804, CVE-2015-5805, CVE-2015-5807, CVE-2015-5810, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815, CVE-2015-5817, CVE-2015-5818, CVE-2015-5825, CVE-2015-5827, CVE-2015-5828, CVE-2015-5929, CVE-2015-5930, CVE-2015-5931, CVE-2015-7002, CVE-2015-7013, CVE-2015-7014, CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, CVE-2015-7103, CVE-2015-7104
- Add BuildRequires: hyphen-devel to pick up hyphenation support. Note this is broken upstream.
- Build with -DENABLE_DATABASE_PROCESS=OFF and -DENABLE_INDEXED_DATABASE=OFF to avoid an issue with GCC 4.8.
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:0761-1
- SUSE Security Ratings
Описание
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
Затронутые продукты
Ссылки
- CVE-2015-1122
- SUSE Bug 1082221
- SUSE Bug 928380
- SUSE Bug 971460
Описание
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.
Затронутые продукты
Ссылки
- CVE-2015-1152
- SUSE Bug 1082221
Описание
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2015-1155
- SUSE Bug 1082221
- SUSE Bug 971460
Описание
Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content.
Затронутые продукты
Ссылки
- CVE-2015-3660
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Затронутые продукты
Ссылки
- CVE-2015-3730
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Затронутые продукты
Ссылки
- CVE-2015-3738
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Затронутые продукты
Ссылки
- CVE-2015-3740
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Затронутые продукты
Ссылки
- CVE-2015-3742
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Затронутые продукты
Ссылки
- CVE-2015-3744
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Затронутые продукты
Ссылки
- CVE-2015-3746
- SUSE Bug 1082221
Описание
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream.
Затронутые продукты
Ссылки
- CVE-2015-3750
- SUSE Bug 1082221
Описание
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element.
Затронутые продукты
Ссылки
- CVE-2015-3751
- SUSE Bug 1082221
Описание
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2015-3754
- SUSE Bug 1082221
Описание
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
Затронутые продукты
Ссылки
- CVE-2015-3755
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Затронутые продукты
Ссылки
- CVE-2015-5804
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Затронутые продукты
Ссылки
- CVE-2015-5805
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Затронутые продукты
Ссылки
- CVE-2015-5807
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Затронутые продукты
Ссылки
- CVE-2015-5810
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Затронутые продукты
Ссылки
- CVE-2015-5813
- SUSE Bug 1082221
Описание
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Затронутые продукты
Ссылки
- CVE-2015-5814
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
Затронутые продукты
Ссылки
- CVE-2015-5815
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Затронутые продукты
Ссылки
- CVE-2015-5817
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Затронутые продукты
Ссылки
- CVE-2015-5818
- SUSE Bug 1082221
Описание
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code.
Затронутые продукты
Ссылки
- CVE-2015-5825
- SUSE Bug 1082221
Описание
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.
Затронутые продукты
Ссылки
- CVE-2015-5827
- SUSE Bug 1082221
Описание
The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2015-5828
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
Затронутые продукты
Ссылки
- CVE-2015-5929
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
Затронутые продукты
Ссылки
- CVE-2015-5930
- SUSE Bug 1082221
Описание
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
Затронутые продукты
Ссылки
- CVE-2015-5931
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
Затронутые продукты
Ссылки
- CVE-2015-7002
- SUSE Bug 1082221
Описание
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
Затронутые продукты
Ссылки
- CVE-2015-7013
- SUSE Bug 1082221
Описание
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
Затронутые продукты
Ссылки
- CVE-2015-7014
- SUSE Bug 1082221
Описание
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
Затронутые продукты
Ссылки
- CVE-2015-7048
- SUSE Bug 1082221
Описание
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
Затронутые продукты
Ссылки
- CVE-2015-7095
- SUSE Bug 1082221
Описание
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
Затронутые продукты
Ссылки
- CVE-2015-7096
- SUSE Bug 1082221
Описание
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
Затронутые продукты
Ссылки
- CVE-2015-7097
- SUSE Bug 1082221
Описание
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
Затронутые продукты
Ссылки
- CVE-2015-7098
- SUSE Bug 1082221
Описание
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
Затронутые продукты
Ссылки
- CVE-2015-7099
- SUSE Bug 1082221
Описание
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
Затронутые продукты
Ссылки
- CVE-2015-7100
- SUSE Bug 1082221
Описание
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7103.
Затронутые продукты
Ссылки
- CVE-2015-7102
- SUSE Bug 1082221
Описание
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7102.
Затронутые продукты
Ссылки
- CVE-2015-7103
- SUSE Bug 1082221
Описание
WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2015-7104
- SUSE Bug 1082221