SUSE-SU-2018:2752-1 -- SLES webkit2gtk3, libjavascriptcoregtk-4_0-18, libwebkit2gtk-4_0-37, webkit2gtk-4_0-injected-bundles, libwebkit2gtk3-lang, typelib-1_0-JavaScriptCore-4_0, typelib-1_0-WebKit2-4_0, typelib-1_0-WebKit2WebExtension-4_0ID: oval:org.secpod.oval:def:89049597 | Date: (C)2023-12-20 (M)2023-12-20 |
Class: PATCH | Family: unix |
This update for webkit2gtk3 to version 2.20.5 fixes the following issues: Security issue fixed: - CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs . - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2018-4266: A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation. - CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation. - CVE-2018-4278: A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. Other bugs fixed: - Fix rendering artifacts in some web sites due to a bug introduced in 2.20.4. - Fix a crash when leaving accelerated compositing mode. - Fix non-deterministic build failure due to missing JavaScriptCore/JSContextRef.h.
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Desktop 15 |
Product: |
webkit2gtk3 |
libjavascriptcoregtk-4_0-18 |
libwebkit2gtk-4_0-37 |
webkit2gtk-4_0-injected-bundles |
libwebkit2gtk3-lang |
typelib-1_0-JavaScriptCore-4_0 |
typelib-1_0-WebKit2-4_0 |
typelib-1_0-WebKit2WebExtension-4_0 |