Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Security issue fixed:
- CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643).
Non-security issues fixed:
- Update to version 2.28.2 (bsc#1170643):
- Fix excessive CPU usage due to GdkFrameClock not being stopped.
- Fix UI process crash when EGL_WL_bind_wayland_display extension is not available.
- Fix position of select popup menus in X11.
- Fix playing of Youtube 'live stream'/H264 URLs.
- Fix a crash under X11 when cairo uses xcb.
- Fix several crashes and rendering issues.
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
libjavascriptcoregtk-4_0-18-2.28.2-lp151.2.18.1
libjavascriptcoregtk-4_0-18-32bit-2.28.2-lp151.2.18.1
libwebkit2gtk-4_0-37-2.28.2-lp151.2.18.1
libwebkit2gtk-4_0-37-32bit-2.28.2-lp151.2.18.1
libwebkit2gtk3-lang-2.28.2-lp151.2.18.1
typelib-1_0-JavaScriptCore-4_0-2.28.2-lp151.2.18.1
typelib-1_0-WebKit2-4_0-2.28.2-lp151.2.18.1
typelib-1_0-WebKit2WebExtension-4_0-2.28.2-lp151.2.18.1
webkit-jsc-4-2.28.2-lp151.2.18.1
webkit2gtk-4_0-injected-bundles-2.28.2-lp151.2.18.1
webkit2gtk3-devel-2.28.2-lp151.2.18.1
webkit2gtk3-minibrowser-2.28.2-lp151.2.18.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0646-1
- SUSE Security Ratings
- SUSE Bug 1170643
- SUSE CVE CVE-2020-3899 page
Описание
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.
Затронутые продукты
openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.2-lp151.2.18.1
openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.2-lp151.2.18.1
openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.2-lp151.2.18.1
openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.2-lp151.2.18.1
Ссылки
- CVE-2020-3899
- SUSE Bug 1170643