Improving performance, fixing security vulnerabilities, and addressing rendering issues for webkit2gtk3 on Fedora 31 (2019-fa0c4b0674
Reporter | Title | Published | Views | Family All 109 |
---|---|---|---|---|
Tenable Nessus | Fedora 30 : webkit2gtk3 (2019-4213e37211) | 15 Nov 201900:00 | β | nessus |
Tenable Nessus | Ubuntu 18.04 LTS : WebKitGTK+ vulnerabilities (USN-4181-1) | 13 Nov 201900:00 | β | nessus |
Tenable Nessus | Debian DSA-4563-1 : webkit2gtk - security update | 14 Nov 201900:00 | β | nessus |
Tenable Nessus | Apple iTunes < 12.10.2 Multiple Vulnerabilities (credentialed check) | 20 Nov 201900:00 | β | nessus |
Tenable Nessus | FreeBSD : webkit2-gtk3 -- Multiple vulnerabilities (3e748551-c732-45f6-bd88-928da16f23a8) | 3 Dec 201900:00 | β | nessus |
Tenable Nessus | Apple iCloud 7.x < 7.15 Multiple Vulnerabilities | 2 Jul 202000:00 | β | nessus |
Tenable Nessus | Apple iOS < 13.2 Multiple Vulnerabilities | 1 Nov 201900:00 | β | nessus |
Tenable Nessus | SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:1135-1) | 29 Apr 202000:00 | β | nessus |
Tenable Nessus | Apple iCloud 10.x < 10.8 Multiple Vulnerabilities | 3 Jul 202000:00 | β | nessus |
Tenable Nessus | GLSA-202003-22 : WebkitGTK+: Multiple vulnerabilities | 16 Mar 202000:00 | β | nessus |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-fa0c4b0674.
#
include("compat.inc");
if (description)
{
script_id(131048);
script_version("1.4");
script_cvs_date("Date: 2019/12/24");
script_cve_id("CVE-2019-8812", "CVE-2019-8814");
script_xref(name:"FEDORA", value:"2019-fa0c4b0674");
script_name(english:"Fedora 31 : webkit2gtk3 (2019-fa0c4b0674)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - Improve performance of querying system fallback fonts.
- Don’t use prgname in dbus-proxy socket path.
- Fix thread-safety issues in image decoders.
- Fix the build with WebDriver disabled.
- Disable accelerated compositing when we fail to
initialize the EGL dispaly under Wayland.
- Fill the objects category in emoji picker.
- Fix several crashes and rendering issues.
-
[CVE-2019-8812](https://webkitgtk.org/security/WSA-2019-
0006.html#CVE-2019-8812)
-
[CVE-2019-8814](https://webkitgtk.org/security/WSA-2019-
0006.html#CVE-2019-8814)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-fa0c4b0674"
);
script_set_attribute(
attribute:"see_also",
value:"https://webkitgtk.org/security/WSA-2019-0006.html#CVE-2019-8814"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected webkit2gtk3 package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8814");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:webkit2gtk3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
script_set_attribute(attribute:"patch_publication_date", value:"2019/11/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC31", reference:"webkit2gtk3-2.26.2-1.fc31")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkit2gtk3");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo