Описание
Security update for webkit2gtk3
This update for webkit2gtk3 to version 2.28.1 fixes the following issues:
Security issues fixed:
- CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528).
- CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658).
Non-security issues fixed:
- Add API to enable Process Swap on (Cross-site) Navigation.
- Add user messages API for the communication with the web extension.
- Add support for same-site cookies.
- Service workers are enabled by default.
- Add support for Pointer Lock API.
- Add flatpak sandbox support.
- Make ondemand hardware acceleration policy never leave accelerated compositing mode.
- Always use a light theme for rendering form controls.
- Add about:gpu to show information about the graphics stack.
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
libjavascriptcoregtk-4_0-18-2.28.1-lp151.2.15.2
libjavascriptcoregtk-4_0-18-32bit-2.28.1-lp151.2.15.2
libwebkit2gtk-4_0-37-2.28.1-lp151.2.15.2
libwebkit2gtk-4_0-37-32bit-2.28.1-lp151.2.15.2
libwebkit2gtk3-lang-2.28.1-lp151.2.15.2
typelib-1_0-JavaScriptCore-4_0-2.28.1-lp151.2.15.2
typelib-1_0-WebKit2-4_0-2.28.1-lp151.2.15.2
typelib-1_0-WebKit2WebExtension-4_0-2.28.1-lp151.2.15.2
webkit-jsc-4-2.28.1-lp151.2.15.2
webkit2gtk-4_0-injected-bundles-2.28.1-lp151.2.15.2
webkit2gtk3-devel-2.28.1-lp151.2.15.2
webkit2gtk3-minibrowser-2.28.1-lp151.2.15.2
Ссылки
- E-Mail link for openSUSE-SU-2020:0602-1
- SUSE Security Ratings
- SUSE Bug 1165528
- SUSE Bug 1169658
- SUSE CVE CVE-2020-10018 page
- SUSE CVE CVE-2020-11793 page
Описание
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
Затронутые продукты
openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.1-lp151.2.15.2
openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.1-lp151.2.15.2
openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.1-lp151.2.15.2
openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.1-lp151.2.15.2
Ссылки
- CVE-2020-10018
- SUSE Bug 1165528
Описание
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
Затронутые продукты
openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.1-lp151.2.15.2
openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.1-lp151.2.15.2
openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.1-lp151.2.15.2
openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.1-lp151.2.15.2
Ссылки
- CVE-2020-11793
- SUSE Bug 1169658