SUSE-SU-2018:2075-1 -- SLES webkit2gtk3, libjavascriptcoregtk-4_0-18, libwebkit2gtk-4_0-37, webkit2gtk-4_0-injected-bundles, libwebkit2gtk3-lang, typelib-1_0-JavaScriptCore-4_0, typelib-1_0-WebKit2-4_0, typelib-1_0-WebKit2WebExtension-4_0ID: oval:org.secpod.oval:def:89049668 | Date: (C)2023-12-20 (M)2023-12-20 |
Class: PATCH | Family: unix |
This update for webkit2gtk3 to version 2.20.3 fixes the following issues: These security issues were fixed: - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch . - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service via a crafted web site - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service via a crafted web site that triggers an @generatorState use-after-free - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted web site - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service via a crafted web site - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandle an unset pageURL, leading to an application crash . These non-security issues were fixed: - Disable Gigacage if mmap fails to allocate in Linux. - Add user agent quirk for paypal website. - Fix a network process crash when trying to get cookies of about:blank page. - Fix UI process crash when closing the window under Wayland. - Fix several crashes and rendering issues.
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Desktop 15 |
Product: |
webkit2gtk3 |
libjavascriptcoregtk-4_0-18 |
libwebkit2gtk-4_0-37 |
webkit2gtk-4_0-injected-bundles |
libwebkit2gtk3-lang |
typelib-1_0-JavaScriptCore-4_0 |
typelib-1_0-WebKit2-4_0 |
typelib-1_0-WebKit2WebExtension-4_0 |