Описание
Security update for webkit2gtk3
This update for webkit2gtk3 to version 2.26.2 fixes the following issues:
Webkit2gtk3 was updated to version 2.26.2 (WSA-2019-0005 and WSA-2019-0006, bsc#1155321 bsc#1156318)
Security issues addressed:
- CVE-2019-8625: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting.
- CVE-2019-8674: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting.
- CVE-2019-8707: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8719: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting.
- CVE-2019-8720: Fixed multiple memory corruption issues where by processing maliciously crafted web
content may lead to arbitrary code execution. - CVE-2019-8726: Fixed multiple memory corruption issues where by processing maliciously crafted web
content may lead to arbitrary code execution. - CVE-2019-8733: Fixed multiple memory corruption issues where by processing maliciously crafted web
content may lead to arbitrary code execution. - CVE-2019-8735: Fixed multiple memory corruption issues where by processing maliciously crafted web
content may lead to arbitrary code execution. - CVE-2019-8763: Fixed multiple memory corruption issues where by processing maliciously crafted web
content may lead to arbitrary code execution. - CVE-2019-8768: Fixed an issue where a user may be unable to delete browsing history items.
- CVE-2019-8769: Fixed an issue where a maliciously crafted website may reveal browsing history.
- CVE-2019-8771: Fixed an issue where a maliciously crafted web content may violate iframe sandboxing policy.
- CVE-2019-8710: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8743: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8764: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting.
- CVE-2019-8765: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8766: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8782: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8783: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8808: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8811: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8812: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8813: Fixed a logic issue where by processing maliciously crafted web content may lead to universal cross site scripting.
- CVE-2019-8814: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8815: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8816: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8819: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8820: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8821: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8822: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2019-8823: Fixed multiple memory corruption issues where by processing maliciously crafted web content may lead to arbitrary code execution.
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2591-1
- SUSE Security Ratings
- SUSE Bug 1155321
- SUSE Bug 1156318
- SUSE CVE CVE-2019-8551 page
- SUSE CVE CVE-2019-8558 page
- SUSE CVE CVE-2019-8559 page
- SUSE CVE CVE-2019-8563 page
- SUSE CVE CVE-2019-8625 page
- SUSE CVE CVE-2019-8674 page
- SUSE CVE CVE-2019-8681 page
- SUSE CVE CVE-2019-8684 page
- SUSE CVE CVE-2019-8686 page
- SUSE CVE CVE-2019-8687 page
- SUSE CVE CVE-2019-8688 page
- SUSE CVE CVE-2019-8689 page
- SUSE CVE CVE-2019-8690 page
- SUSE CVE CVE-2019-8707 page
- SUSE CVE CVE-2019-8710 page
- SUSE CVE CVE-2019-8719 page
Описание
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting.
Затронутые продукты
Ссылки
- CVE-2019-8551
- SUSE Bug 1132256
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8558
- SUSE Bug 1132256
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8559
- SUSE Bug 1132256
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8563
- SUSE Bug 1132256
Описание
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.
Затронутые продукты
Ссылки
- CVE-2019-8625
- SUSE Bug 1155321
Описание
A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.
Затронутые продукты
Ссылки
- CVE-2019-8674
- SUSE Bug 1155321
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8681
- SUSE Bug 1148931
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8684
- SUSE Bug 1148931
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8686
- SUSE Bug 1148931
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8687
- SUSE Bug 1148931
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8688
- SUSE Bug 1148931
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8689
- SUSE Bug 1148931
Описание
A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
Затронутые продукты
Ссылки
- CVE-2019-8690
- SUSE Bug 1148931
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8707
- SUSE Bug 1155321
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8710
- SUSE Bug 1156318
Описание
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.
Затронутые продукты
Ссылки
- CVE-2019-8719
- SUSE Bug 1155321
Описание
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
Затронутые продукты
Ссылки
- CVE-2019-8720
- SUSE Bug 1155321
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8726
- SUSE Bug 1155321
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8733
- SUSE Bug 1155321
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8735
- SUSE Bug 1155321
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8743
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8763
- SUSE Bug 1155321
Описание
A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.
Затронутые продукты
Ссылки
- CVE-2019-8764
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8765
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8766
- SUSE Bug 1156318
Описание
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.
Затронутые продукты
Ссылки
- CVE-2019-8768
- SUSE Bug 1155321
Описание
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.
Затронутые продукты
Ссылки
- CVE-2019-8769
- SUSE Bug 1155321
Описание
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.
Затронутые продукты
Ссылки
- CVE-2019-8771
- SUSE Bug 1155321
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8782
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8783
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8808
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8811
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8812
- SUSE Bug 1156318
Описание
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.
Затронутые продукты
Ссылки
- CVE-2019-8813
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8814
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8815
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8816
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8819
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8820
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8821
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8822
- SUSE Bug 1156318
Описание
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2019-8823
- SUSE Bug 1156318