Описание
Security update for webkit2gtk3
This update for webkit2gtk3 to version 2.22.5 fixes the following issues:
Security issues fixed:
- CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
Ссылки
- E-Mail link for openSUSE-SU-2019:0081-1
- SUSE Security Ratings
- SUSE Bug 1110279
- SUSE Bug 1116998
- SUSE Bug 1119558
- SUSE CVE CVE-2018-11713 page
- SUSE CVE CVE-2018-4162 page
- SUSE CVE CVE-2018-4163 page
- SUSE CVE CVE-2018-4165 page
- SUSE CVE CVE-2018-4191 page
- SUSE CVE CVE-2018-4197 page
- SUSE CVE CVE-2018-4207 page
- SUSE CVE CVE-2018-4208 page
- SUSE CVE CVE-2018-4209 page
- SUSE CVE CVE-2018-4210 page
- SUSE CVE CVE-2018-4212 page
- SUSE CVE CVE-2018-4213 page
- SUSE CVE CVE-2018-4299 page
- SUSE CVE CVE-2018-4306 page
- SUSE CVE CVE-2018-4309 page
Описание
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
Затронутые продукты
Ссылки
- CVE-2018-11713
- SUSE Bug 1096060
- SUSE Bug 1097693
Описание
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2018-4162
- SUSE Bug 1088182
Описание
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2018-4163
- SUSE Bug 1088182
Описание
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2018-4165
- SUSE Bug 1088182
Описание
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4191
- SUSE Bug 1110279
Описание
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4197
- SUSE Bug 1110279
Описание
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
Затронутые продукты
Ссылки
- CVE-2018-4207
- SUSE Bug 1110279
Описание
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
Затронутые продукты
Ссылки
- CVE-2018-4208
- SUSE Bug 1110279
Описание
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
Затронутые продукты
Ссылки
- CVE-2018-4209
- SUSE Bug 1110279
Описание
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.
Затронутые продукты
Ссылки
- CVE-2018-4210
- SUSE Bug 1110279
Описание
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
Затронутые продукты
Ссылки
- CVE-2018-4212
- SUSE Bug 1110279
Описание
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
Затронутые продукты
Ссылки
- CVE-2018-4213
- SUSE Bug 1110279
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4299
- SUSE Bug 1110279
Описание
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4306
- SUSE Bug 1110279
Описание
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4309
- SUSE Bug 1110279
Описание
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4312
- SUSE Bug 1110279
Описание
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4314
- SUSE Bug 1110279
Описание
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4315
- SUSE Bug 1110279
Описание
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4316
- SUSE Bug 1110279
Описание
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4317
- SUSE Bug 1110279
Описание
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4318
- SUSE Bug 1110279
Описание
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4319
- SUSE Bug 1110279
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4323
- SUSE Bug 1110279
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4328
- SUSE Bug 1110279
Описание
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4345
- SUSE Bug 1116998
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4358
- SUSE Bug 1110279
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4359
- SUSE Bug 1110279
Описание
A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Затронутые продукты
Ссылки
- CVE-2018-4361
- SUSE Bug 1110279
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Затронутые продукты
Ссылки
- CVE-2018-4372
- SUSE Bug 1116998
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Затронутые продукты
Ссылки
- CVE-2018-4373
- SUSE Bug 1116998
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Затронутые продукты
Ссылки
- CVE-2018-4375
- SUSE Bug 1116998
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Затронутые продукты
Ссылки
- CVE-2018-4376
- SUSE Bug 1116998
Описание
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Затронутые продукты
Ссылки
- CVE-2018-4378
- SUSE Bug 1116998
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Затронутые продукты
Ссылки
- CVE-2018-4382
- SUSE Bug 1116998
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Затронутые продукты
Ссылки
- CVE-2018-4386
- SUSE Bug 1116998
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Затронутые продукты
Ссылки
- CVE-2018-4392
- SUSE Bug 1116998
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Затронутые продукты
Ссылки
- CVE-2018-4416
- SUSE Bug 1116998
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
Затронутые продукты
Ссылки
- CVE-2018-4437
- SUSE Bug 1119553
Описание
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
Затронутые продукты
Ссылки
- CVE-2018-4438
- SUSE Bug 1119554
Описание
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
Затронутые продукты
Ссылки
- CVE-2018-4441
- SUSE Bug 1119555
Описание
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
Затронутые продукты
Ссылки
- CVE-2018-4442
- SUSE Bug 1119556
Описание
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
Затронутые продукты
Ссылки
- CVE-2018-4443
- SUSE Bug 1119557
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
Затронутые продукты
Ссылки
- CVE-2018-4464
- SUSE Bug 1119553
- SUSE Bug 1119558