openSUSE-SU-2020:1064-1

Опубликовано: 26 июл. 2020

Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Update to version 2.28.3 (bsc#1173998):
- Enable kinetic scrolling with async scrolling.
- Fix web process hangs on large GitHub pages.
- Bubblewrap sandbox should not attempt to bind empty paths.
- Fix threading issues in the media player.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

libjavascriptcoregtk-4_0-18-2.28.3-lp151.2.21.1

libjavascriptcoregtk-4_0-18-32bit-2.28.3-lp151.2.21.1

libwebkit2gtk-4_0-37-2.28.3-lp151.2.21.1

libwebkit2gtk-4_0-37-32bit-2.28.3-lp151.2.21.1

libwebkit2gtk3-lang-2.28.3-lp151.2.21.1

typelib-1_0-JavaScriptCore-4_0-2.28.3-lp151.2.21.1

typelib-1_0-WebKit2-4_0-2.28.3-lp151.2.21.1

typelib-1_0-WebKit2WebExtension-4_0-2.28.3-lp151.2.21.1

webkit-jsc-4-2.28.3-lp151.2.21.1

webkit2gtk-4_0-injected-bundles-2.28.3-lp151.2.21.1

webkit2gtk3-devel-2.28.3-lp151.2.21.1

webkit2gtk3-minibrowser-2.28.3-lp151.2.21.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ND4YI5SEPKTGBXP5QOCJIWYUALJWMVUK/
E-Mail link for openSUSE-SU-2020:1064-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1173998
SUSE Bug 1173998
https://www.suse.com/security/cve/CVE-2020-13753/
SUSE CVE CVE-2020-13753 page
https://www.suse.com/security/cve/CVE-2020-9802/
SUSE CVE CVE-2020-9802 page
https://www.suse.com/security/cve/CVE-2020-9803/
SUSE CVE CVE-2020-9803 page
https://www.suse.com/security/cve/CVE-2020-9805/
SUSE CVE CVE-2020-9805 page
https://www.suse.com/security/cve/CVE-2020-9806/
SUSE CVE CVE-2020-9806 page
https://www.suse.com/security/cve/CVE-2020-9807/
SUSE CVE CVE-2020-9807 page
https://www.suse.com/security/cve/CVE-2020-9843/
SUSE CVE CVE-2020-9843 page
https://www.suse.com/security/cve/CVE-2020-9850/
SUSE CVE CVE-2020-9850 page

Описание

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.

Затронутые продукты

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.3-lp151.2.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-13753.html
CVE-2020-13753
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.3-lp151.2.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9802.html
CVE-2020-9802
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.3-lp151.2.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9803.html
CVE-2020-9803
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

Затронутые продукты

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.3-lp151.2.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9805.html
CVE-2020-9805
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.3-lp151.2.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9806.html
CVE-2020-9806
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

Затронутые продукты

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.3-lp151.2.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9807.html
CVE-2020-9807
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.

Затронутые продукты

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.3-lp151.2.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9843.html
CVE-2020-9843
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

Описание

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.

Затронутые продукты

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.3-lp151.2.21.1

openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.3-lp151.2.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-9850.html
CVE-2020-9850
https://bugzilla.suse.com/1173998
SUSE Bug 1173998

openSUSE-SU-2020:1064-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-13753

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9802

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9803

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9805

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9806

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9807

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9843

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-9850

Описание

Затронутые продукты

Ссылки