Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2018-2075-1.NASL
HistoryJan 02, 2019 - 12:00 a.m.

SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2018:2075-1)

2019-01-0200:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

This update for webkit2gtk3 to version 2.20.3 fixes the following issues: These security issues were fixed :

  • CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693).

  • CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted website (bsc#1097693)

  • CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers an @generatorState use-after-free (bsc#1097693)

  • CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693)

  • CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted website (bsc#1097693)

  • CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1097693)

  • CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandle an unset pageURL, leading to an application crash (bsc#1095611).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:2075-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(120064);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/13");

  script_cve_id("CVE-2018-11646", "CVE-2018-4190", "CVE-2018-4199", "CVE-2018-4218", "CVE-2018-4222", "CVE-2018-4232", "CVE-2018-4233");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2018:2075-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for webkit2gtk3 to version 2.20.3 fixes the following
issues: These security issues were fixed :

  - CVE-2018-4190: An unspecified issue allowed remote
    attackers to obtain sensitive credential information
    that is transmitted during a CSS mask-image fetch
    (bsc#1097693).

  - CVE-2018-4199: An unspecified issue allowed remote
    attackers to execute arbitrary code or cause a denial of
    service (buffer overflow and application crash) via a
    crafted website (bsc#1097693)

  - CVE-2018-4218: An unspecified issue allowed remote
    attackers to execute arbitrary code or cause a denial of
    service (memory corruption and application crash) via a
    crafted website that triggers an @generatorState
    use-after-free (bsc#1097693)

  - CVE-2018-4222: An unspecified issue allowed remote
    attackers to execute arbitrary code via a crafted
    website that leverages a getWasmBufferFromValue
    out-of-bounds read during WebAssembly compilation
    (bsc#1097693)

  - CVE-2018-4232: An unspecified issue allowed remote
    attackers to overwrite cookies via a crafted website
    (bsc#1097693)

  - CVE-2018-4233: An unspecified issue allowed remote
    attackers to execute arbitrary code or cause a denial of
    service (memory corruption and application crash) via a
    crafted website (bsc#1097693)

  - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL
    and webkitFaviconDatabaseSetIconURLForPageURL mishandle
    an unset pageURL, leading to an application crash
    (bsc#1095611).

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1095611"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097693"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-11646/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-4190/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-4199/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-4218/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-4222/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-4232/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-4233/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20182075-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6fc09758"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t
patch SUSE-SLE-Module-Desktop-Applications-15-2018-1401=1

SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-2018-1401=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Safari Proxy Object Type Confusion');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES15", sp:"0", reference:"libjavascriptcoregtk-4_0-18-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libwebkit2gtk-4_0-37-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libwebkit2gtk-4_0-37-debuginfo-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"typelib-1_0-JavaScriptCore-4_0-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"typelib-1_0-WebKit2-4_0-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"typelib-1_0-WebKit2WebExtension-4_0-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"webkit2gtk-4_0-injected-bundles-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"webkit2gtk3-debugsource-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"webkit2gtk3-devel-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libjavascriptcoregtk-4_0-18-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libwebkit2gtk-4_0-37-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libwebkit2gtk-4_0-37-debuginfo-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"typelib-1_0-JavaScriptCore-4_0-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"typelib-1_0-WebKit2-4_0-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"typelib-1_0-WebKit2WebExtension-4_0-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"webkit2gtk-4_0-injected-bundles-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"webkit2gtk3-debugsource-2.20.3-3.3.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"webkit2gtk3-devel-2.20.3-3.3.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkit2gtk3");
}
VendorProductVersionCPE
novellsuse_linuxtypelib-1_0-webkit2p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2
novellsuse_linuxlibwebkit2gtk-4_0p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0
novellsuse_linuxwebkit2gtk-4_0-injected-bundles-debuginfop-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo
novellsuse_linuxlibjavascriptcoregtk-4_0-18-debuginfop-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo
novellsuse_linuxlibjavascriptcoregtk-4_0p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0
novellsuse_linuxwebkit2gtk3-develp-cpe:/a:novell:suse_linux:webkit2gtk3-devel
novellsuse_linuxwebkit2gtk-4_0-injected-bundlesp-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles
novellsuse_linuxwebkit2gtk3-debugsourcep-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource
novellsuse_linuxlibwebkit2gtk-4_0-37-debuginfop-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo
novellsuse_linuxtypelib-1_0-webkit2webextensionp-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension
Rows per page:
1-10 of 121

Related

nessus 12
suse 2
openvas 11
fedora 2
mageia 1
ubuntu 1
apple 12
kaspersky 1
packetstorm 4
exploitpack 2
zdt 6
metasploit 3
cve 7
prion 7
debiancve 7
ubuntucve 7
zdi 2
seebug 2
checkpoint_advisories 3
exploitdb 3
gentoo 1
googleprojectzero 1
nessus
nessus
openSUSE Security Update : webkit2gtk3 (openSUSE-2018-845)
2018-08-10 00:00:00
openSUSE Security Update : webkit2gtk3 (openSUSE-2019-566)
2019-03-27 00:00:00
Fedora 27 : webkitgtk4 (2018-aac3ca8936)
2018-07-02 00:00:00
suse
suse
Security update for webkit2gtk3 (moderate)
2018-08-10 03:08:49
Security update for webkit2gtk3 (moderate)
2018-10-26 00:11:58
openvas
openvas
openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:2285-1)
2018-10-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2075-1)
2021-06-09 00:00:00
Fedora Update for webkitgtk4 FEDORA-2018-aac3ca8936
2018-06-29 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: webkitgtk4-2.20.3-1.fc27
2018-06-29 08:06:09
[SECURITY] Fedora 28 Update: webkit2gtk3-2.20.3-1.fc28
2018-06-16 20:20:25
mageia
mageia
Updated webkit2 packages fix security vulnerability
2018-07-01 20:17:14
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2018-06-18 00:00:00
apple
apple
About the security content of Safari 11.1.1 - Apple Support
2019-10-08 03:41:58
About the security content of Safari 11.1.1
2018-06-01 00:00:00
About the security content of iCloud for Windows 7.5 - Apple Support
2019-10-08 03:48:52
kaspersky
kaspersky
KLA11282 Multiple vulnerabilities in Apple iTunes
2018-05-29 00:00:00
packetstorm
packetstorm
WebKitGTK+ 2.21.3 pageURL Mishandling Denial Of Service
2018-06-05 00:00:00
WebKitGTK+ WebKitFaviconDatabase Denial Of Service
2018-06-11 00:00:00
Safari Webkit Proxy Object Type Confusion
2019-06-02 00:00:00
exploitpack
exploitpack
WebKitGTK+ 2.21.3 - Crash (PoC)
2018-06-05 00:00:00
WebKitGTK+ 2.21.3 - WebKitFaviconDatabase Denial of Service (Metasploit)
2018-06-11 00:00:00
zdt
zdt
WebKitGTK+ < 2.21.3 - #WebKitFaviconDatabase DoS Exploit
2018-06-11 00:00:00
WebKitGTK+ < 2.21.3 - pageURL Mishandling Crash (PoC) Exploit
2018-06-06 00:00:00
WebKit - WebAssembly Compilation Info Leak Exploit
2018-06-09 00:00:00
metasploit
metasploit
WebKitGTK+ WebKitFaviconDatabase DoS
2018-06-09 06:13:47
Safari Proxy Object Type Confusion
2018-11-15 00:44:18
Safari Webkit Proxy Object Type Confusion
2019-06-02 02:19:24
cve
cve
CVE-2018-11646
2018-06-01 13:29:00
CVE-2018-4222
2018-06-08 18:29:00
CVE-2018-4199
2018-06-08 18:29:00
prion
prion
Design/Logic Flaw
2018-06-01 13:29:00
Out-of-bounds
2018-06-08 18:29:00
Buffer overflow
2018-06-08 18:29:00
debiancve
debiancve
CVE-2018-11646
2018-06-01 13:29:00
CVE-2018-4199
2018-06-08 18:29:00
CVE-2018-4222
2018-06-08 18:29:00
ubuntucve
ubuntucve
CVE-2018-11646
2018-06-01 00:00:00
CVE-2018-4222
2018-06-08 00:00:00
CVE-2018-4199
2018-06-08 00:00:00
zdi
zdi
(Pwn2Own) Apple Safari SVG Heap-based Buffer Overflow Remote Code Execution Vulnerability
2018-07-26 00:00:00
(Pwn2Own) Apple Safari CreateThis Type Confusion Remote Code Execution Vulnerability
2018-10-30 00:00:00
seebug
seebug
WebKit: Info leak in WebAssembly Compilation(CVE-2018-4222)
2018-06-08 00:00:00
WebKit: Use-after-free when resuming generator(CVE-2018-4218)
2018-06-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple WebKit Out Of Bounds Read (CVE-2018-4222)
2018-07-30 00:00:00
Apple WebKit Memory Corruption (CVE-2018-4233)
2018-12-31 00:00:00
Apple WebKit Use-after-free (CVE-2018-4218)
2018-07-25 00:00:00
exploitdb
exploitdb
WebKitGTK+ &lt; 2.21.3 - &#039;WebKitFaviconDatabase&#039; Denial of Service (Metasploit)
2018-06-11 00:00:00
WebKitGTK+ &lt; 2.21.3 - Crash (PoC)
2018-06-05 00:00:00
Safari - Proxy Object Type Confusion (Metasploit)
2018-12-14 00:00:00
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2018-08-22 00:00:00
googleprojectzero
googleprojectzero
The Problems and Promise of WebAssembly
2018-08-16 00:00:00
JSON
Related for SUSE_SU-2018-2075-1.NASL
nessus12suse2openvas11fedora2mageia1ubuntu1apple12kaspersky1packetstorm4exploitpack2zdt6metasploit3cve7prion7debiancve7ubuntucve7zdi2seebug2checkpoint_advisories3exploitdb3gentoo1googleprojectzero1