Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2019-566.NASL
HistoryMar 27, 2019 - 12:00 a.m.

openSUSE Security Update : webkit2gtk3 (openSUSE-2019-566)

2019-03-2700:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
JSON

This update for webkit2gtk3 to version 2.20.3 fixes the following issues :

These security issues were fixed :

  • CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693).

  • CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted website (bsc#1097693)

  • CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers an @generatorState use-after-free (bsc#1097693)

  • CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693)

  • CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted website (bsc#1097693)

  • CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1097693)

  • CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandle an unset pageURL, leading to an application crash (bsc#1095611).

These non-security issues were fixed :

  • Disable Gigacage if mmap fails to allocate in Linux.

  • Add user agent quirk for paypal website.

  • Fix a network process crash when trying to get cookies of about:blank page.

  • Fix UI process crash when closing the window under Wayland.

  • Fix several crashes and rendering issues. This update was imported from the SUSE:SLE-15:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-566.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(123245);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2018-11646", "CVE-2018-4190", "CVE-2018-4199", "CVE-2018-4218", "CVE-2018-4222", "CVE-2018-4232", "CVE-2018-4233");

  script_name(english:"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-566)");
  script_summary(english:"Check for the openSUSE-2019-566 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for webkit2gtk3 to version 2.20.3 fixes the following
issues :

These security issues were fixed :

  - CVE-2018-4190: An unspecified issue allowed remote
    attackers to obtain sensitive credential information
    that is transmitted during a CSS mask-image fetch
    (bsc#1097693).

  - CVE-2018-4199: An unspecified issue allowed remote
    attackers to execute arbitrary code or cause a denial of
    service (buffer overflow and application crash) via a
    crafted website (bsc#1097693) 

  - CVE-2018-4218: An unspecified issue allowed remote
    attackers to execute arbitrary code or cause a denial of
    service (memory corruption and application crash) via a
    crafted website that triggers an @generatorState
    use-after-free (bsc#1097693) 

  - CVE-2018-4222: An unspecified issue allowed remote
    attackers to execute arbitrary code via a crafted
    website that leverages a getWasmBufferFromValue
    out-of-bounds read during WebAssembly compilation
    (bsc#1097693) 

  - CVE-2018-4232: An unspecified issue allowed remote
    attackers to overwrite cookies via a crafted website
    (bsc#1097693) 

  - CVE-2018-4233: An unspecified issue allowed remote
    attackers to execute arbitrary code or cause a denial of
    service (memory corruption and application crash) via a
    crafted website (bsc#1097693) 

  - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL
    and webkitFaviconDatabaseSetIconURLForPageURL mishandle
    an unset pageURL, leading to an application crash
    (bsc#1095611).

These non-security issues were fixed :

  - Disable Gigacage if mmap fails to allocate in Linux.

  - Add user agent quirk for paypal website.

  - Fix a network process crash when trying to get cookies
    of about:blank page.

  - Fix UI process crash when closing the window under
    Wayland.

  - Fix several crashes and rendering issues. This update
    was imported from the SUSE:SLE-15:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095611"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097693"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected webkit2gtk3 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Safari Proxy Object Type Confusion');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit-jsc-4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"libjavascriptcoregtk-4_0-18-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libwebkit2gtk-4_0-37-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libwebkit2gtk-4_0-37-debuginfo-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"libwebkit2gtk3-lang-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"typelib-1_0-JavaScriptCore-4_0-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"typelib-1_0-WebKit2-4_0-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"typelib-1_0-WebKit2WebExtension-4_0-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"webkit-jsc-4-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"webkit-jsc-4-debuginfo-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"webkit2gtk-4_0-injected-bundles-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"webkit2gtk3-debugsource-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"webkit2gtk3-devel-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"webkit2gtk3-plugin-process-gtk2-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"webkit2gtk3-plugin-process-gtk2-debuginfo-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libjavascriptcoregtk-4_0-18-32bit-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libwebkit2gtk-4_0-37-32bit-2.20.3-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libwebkit2gtk-4_0-37-32bit-debuginfo-2.20.3-lp150.2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc");
}
VendorProductVersionCPE
novellopensuselibjavascriptcoregtk-4_0-18p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18
novellopensuselibjavascriptcoregtk-4_0-18-32bitp-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit
novellopensuselibjavascriptcoregtk-4_0-18-32bit-debuginfop-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo
novellopensuselibjavascriptcoregtk-4_0-18-debuginfop-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo
novellopensuselibwebkit2gtk-4_0-37p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37
novellopensuselibwebkit2gtk-4_0-37-32bitp-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit
novellopensuselibwebkit2gtk-4_0-37-32bit-debuginfop-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo
novellopensuselibwebkit2gtk-4_0-37-debuginfop-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo
novellopensuselibwebkit2gtk3-langp-cpe:/a:novell:opensuse:libwebkit2gtk3-lang
novellopensusetypelib-1_0-javascriptcore-4_0p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0
Rows per page:
1-10 of 211

Related

openvas 11
nessus 12
suse 2
fedora 2
mageia 1
ubuntu 1
apple 12
kaspersky 1
packetstorm 4
exploitpack 2
zdt 6
metasploit 3
cve 7
prion 7
debiancve 7
ubuntucve 7
seebug 2
zdi 2
checkpoint_advisories 3
exploitdb 3
gentoo 1
googleprojectzero 1
openvas
openvas
openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:2285-1)
2018-10-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2075-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2018-0302)
2022-01-28 00:00:00
nessus
nessus
openSUSE Security Update : webkit2gtk3 (openSUSE-2018-845)
2018-08-10 00:00:00
SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2018:2075-1)
2019-01-02 00:00:00
Fedora 28 : webkit2gtk3 (2018-118b9abf99)
2019-01-03 00:00:00
suse
suse
Security update for webkit2gtk3 (moderate)
2018-08-10 03:08:49
Security update for webkit2gtk3 (moderate)
2018-10-26 00:11:58
fedora
fedora
[SECURITY] Fedora 28 Update: webkit2gtk3-2.20.3-1.fc28
2018-06-16 20:20:25
[SECURITY] Fedora 27 Update: webkitgtk4-2.20.3-1.fc27
2018-06-29 08:06:09
mageia
mageia
Updated webkit2 packages fix security vulnerability
2018-07-01 20:17:14
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2018-06-18 00:00:00
apple
apple
About the security content of Safari 11.1.1
2018-06-01 00:00:00
About the security content of Safari 11.1.1 - Apple Support
2019-10-08 03:41:58
About the security content of iCloud for Windows 7.5 - Apple Support
2019-10-08 03:48:52
kaspersky
kaspersky
KLA11282 Multiple vulnerabilities in Apple iTunes
2018-05-29 00:00:00
packetstorm
packetstorm
WebKitGTK+ 2.21.3 pageURL Mishandling Denial Of Service
2018-06-05 00:00:00
WebKitGTK+ WebKitFaviconDatabase Denial Of Service
2018-06-11 00:00:00
Safari Webkit Proxy Object Type Confusion
2019-06-02 00:00:00
exploitpack
exploitpack
WebKitGTK+ 2.21.3 - Crash (PoC)
2018-06-05 00:00:00
WebKitGTK+ 2.21.3 - WebKitFaviconDatabase Denial of Service (Metasploit)
2018-06-11 00:00:00
zdt
zdt
WebKitGTK+ < 2.21.3 - #WebKitFaviconDatabase DoS Exploit
2018-06-11 00:00:00
WebKitGTK+ < 2.21.3 - pageURL Mishandling Crash (PoC) Exploit
2018-06-06 00:00:00
WebKit - WebAssembly Compilation Info Leak Exploit
2018-06-09 00:00:00
metasploit
metasploit
WebKitGTK+ WebKitFaviconDatabase DoS
2018-06-09 06:13:47
Safari Proxy Object Type Confusion
2018-11-15 00:44:18
Safari Webkit Proxy Object Type Confusion
2019-06-02 02:19:24
cve
cve
CVE-2018-11646
2018-06-01 13:29:00
CVE-2018-4222
2018-06-08 18:29:00
CVE-2018-4232
2018-06-08 18:29:00
prion
prion
Design/Logic Flaw
2018-06-01 13:29:00
Out-of-bounds
2018-06-08 18:29:00
Code injection
2018-06-08 18:29:00
debiancve
debiancve
CVE-2018-11646
2018-06-01 13:29:00
CVE-2018-4222
2018-06-08 18:29:00
CVE-2018-4199
2018-06-08 18:29:00
ubuntucve
ubuntucve
CVE-2018-11646
2018-06-01 00:00:00
CVE-2018-4199
2018-06-08 00:00:00
CVE-2018-4222
2018-06-08 00:00:00
seebug
seebug
WebKit: Info leak in WebAssembly Compilation(CVE-2018-4222)
2018-06-08 00:00:00
WebKit: Use-after-free when resuming generator(CVE-2018-4218)
2018-06-08 00:00:00
zdi
zdi
(Pwn2Own) Apple Safari SVG Heap-based Buffer Overflow Remote Code Execution Vulnerability
2018-07-26 00:00:00
(Pwn2Own) Apple Safari CreateThis Type Confusion Remote Code Execution Vulnerability
2018-10-30 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple WebKit Out Of Bounds Read (CVE-2018-4222)
2018-07-30 00:00:00
Apple WebKit Memory Corruption (CVE-2018-4233)
2018-12-31 00:00:00
Apple WebKit Use-after-free (CVE-2018-4218)
2018-07-25 00:00:00
exploitdb
exploitdb
WebKitGTK+ &lt; 2.21.3 - &#039;WebKitFaviconDatabase&#039; Denial of Service (Metasploit)
2018-06-11 00:00:00
WebKitGTK+ &lt; 2.21.3 - Crash (PoC)
2018-06-05 00:00:00
Safari - Proxy Object Type Confusion (Metasploit)
2018-12-14 00:00:00
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2018-08-22 00:00:00
googleprojectzero
googleprojectzero
The Problems and Promise of WebAssembly
2018-08-16 00:00:00
JSON
Related for OPENSUSE-2019-566.NASL
openvas11nessus12suse2fedora2mageia1ubuntu1apple12kaspersky1packetstorm4exploitpack2zdt6metasploit3cve7prion7debiancve7ubuntucve7seebug2zdi2checkpoint_advisories3exploitdb3gentoo1googleprojectzero1