Description
Security update for webkitgtk
This update for webkitgtk fixes the following issues:
- webkitgtk was updated to version 2.4.10 (boo#971460):
  - Fix rendering of form controls and scrollbars with GTK+ >= 3.19.
  - Fix crashes on PPC64.
  - Fix the build on powerpc 32 bits.
  - Add ARM64 build support.
  - Security fixes: CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081, CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752, CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659, CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745, CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727, CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794, CVE-2015-1127, CVE-2015-1153, CVE-2015-1083.
  - Updated translations.
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2016:0915-1
- SUSE Security Ratings
Description
The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.
Affected products
References
- CVE-2014-1748
- SUSE Bug 909707
- SUSE Bug 971460
Description
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Affected products
References
- CVE-2015-1071
- SUSE Bug 923223
- SUSE Bug 971460
Description
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Affected products
References
- CVE-2015-1076
- SUSE Bug 923223
- SUSE Bug 971460
Description
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Affected products
References
- CVE-2015-1081
- SUSE Bug 923223
- SUSE Bug 971460
Description
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
Affected products
References
- CVE-2015-1083
- SUSE Bug 923223
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
Affected products
References
- CVE-2015-1120
- SUSE Bug 928380
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
Affected products
References
- CVE-2015-1122
- SUSE Bug 1082221
- SUSE Bug 928380
- SUSE Bug 971460
Description
The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.
Affected products
References
- CVE-2015-1127
- SUSE Bug 928380
- SUSE Bug 971460
Description
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.
Affected products
References
- CVE-2015-1153
- SUSE Bug 971460
Description
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
Affected products
References
- CVE-2015-1155
- SUSE Bug 1082221
- SUSE Bug 971460
Description
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.
Affected products
References
- CVE-2015-3658
- SUSE Bug 971460
Description
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
Affected products
References
- CVE-2015-3659
- SUSE Bug 936835
- SUSE Bug 936836
- SUSE Bug 971460
Description
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.
Affected products
References
- CVE-2015-3727
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Affected products
References
- CVE-2015-3731
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Affected products
References
- CVE-2015-3741
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Affected products
References
- CVE-2015-3743
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Affected products
References
- CVE-2015-3745
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Affected products
References
- CVE-2015-3747
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Affected products
References
- CVE-2015-3748
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Affected products
References
- CVE-2015-3749
- SUSE Bug 971460
Description
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request.
Affected products
References
- CVE-2015-3752
- SUSE Bug 971460
Description
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
Affected products
References
- CVE-2015-5788
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Affected products
References
- CVE-2015-5794
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Affected products
References
- CVE-2015-5801
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Affected products
References
- CVE-2015-5809
- SUSE Bug 971460
Description
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Affected products
References
- CVE-2015-5822
- SUSE Bug 971460
Description
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
Affected products
References
- CVE-2015-5928
- SUSE Bug 971460