Описание
Security update for epiphany
This update for epiphany fixes the following issues:
- CVE-2018-11396: Fixed a JavaScript crash when an invalid URI is opened (boo#1094464).
Список пакетов
openSUSE Leap 15.0
epiphany-3.28.1.1-lp151.3.3.1
epiphany-branding-upstream-3.28.1.1-lp151.3.3.1
epiphany-lang-3.28.1.1-lp151.3.3.1
gnome-shell-search-provider-epiphany-3.28.1.1-lp151.3.3.1
openSUSE Leap 15.1
epiphany-3.28.1.1-lp151.3.3.1
epiphany-branding-upstream-3.28.1.1-lp151.3.3.1
epiphany-lang-3.28.1.1-lp151.3.3.1
gnome-shell-search-provider-epiphany-3.28.1.1-lp151.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2318-1
- SUSE Security Ratings
- SUSE Bug 1094464
- SUSE CVE CVE-2018-11396 page
Описание
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
Затронутые продукты
openSUSE Leap 15.0:epiphany-3.28.1.1-lp151.3.3.1
openSUSE Leap 15.0:epiphany-branding-upstream-3.28.1.1-lp151.3.3.1
openSUSE Leap 15.0:epiphany-lang-3.28.1.1-lp151.3.3.1
openSUSE Leap 15.0:gnome-shell-search-provider-epiphany-3.28.1.1-lp151.3.3.1
Ссылки
- CVE-2018-11396
- SUSE Bug 1094464
- SUSE Bug 1096688