Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-4d11d35a1f)
2020-02-23T00:00:00
ID OPENVAS:1361412562310877501 Type openvas Reporter Copyright (C) 2020 Greenbone Networks GmbH Modified 2020-02-26T00:00:00
Description
The remote host is missing an update for the
# Copyright (C) 2020 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) the respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.877501");
script_version("2020-02-26T06:23:50+0000");
script_cve_id("CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"last_modification", value:"2020-02-26 06:23:50 +0000 (Wed, 26 Feb 2020)");
script_tag(name:"creation_date", value:"2020-02-23 04:03:46 +0000 (Sun, 23 Feb 2020)");
script_name("Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-4d11d35a1f)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC30");
script_xref(name:"FEDORA", value:"2020-4d11d35a1f");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RB2OVFRPHSSO6PKCS5CIG4GOECOOZ3H2");
script_tag(name:"summary", value:"The remote host is missing an update for the 'webkit2gtk3'
package(s) announced via the FEDORA-2020-4d11d35a1f advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
This package contains WebKit2 based WebKitGTK for GTK 3.");
script_tag(name:"affected", value:"'webkit2gtk3' package(s) on Fedora 30.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "FC30") {
if(!isnull(res = isrpmvuln(pkg:"webkit2gtk3", rpm:"webkit2gtk3~2.26.4~1.fc30", rls:"FC30"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
{"id": "OPENVAS:1361412562310877501", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-4d11d35a1f)", "description": "The remote host is missing an update for the ", "published": "2020-02-23T00:00:00", "modified": "2020-02-26T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877501", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["2020-4d11d35a1f", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RB2OVFRPHSSO6PKCS5CIG4GOECOOZ3H2"], "cvelist": ["CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868"], "lastseen": "2020-03-04T16:43:56", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["ICLOUD_7_17.NASL", "ITUNES_12_10_4.NASL", "FEDORA_2020-3269917C2F.NASL", "FEDORA_2020-4D11D35A1F.NASL", "DEBIAN_DSA-4627.NASL", "UBUNTU_USN-4281-1.NASL", "FREEBSD_PKG_1CB0AF4ED6414F999432297A89447A97.NASL", "SUSE_SU-2020-0468-1.NASL", "ITUNES_12_10_4_BANNER.NASL", "OPENSUSE-2020-278.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4627-1:5CD4F"]}, {"type": "fedora", "idList": ["FEDORA:6C66A601463F", "FEDORA:9F6FE6049CB5"]}, {"type": "ubuntu", "idList": ["USN-4281-1"]}, {"type": "archlinux", "idList": ["ASA-202002-10"]}, {"type": "freebsd", "idList": ["1CB0AF4E-D641-4F99-9432-297A89447A97"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877494", "OPENVAS:1361412562310844344", "OPENVAS:1361412562310704627", "OPENVAS:1361412562310853057"]}, {"type": "cve", "idList": ["CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3868"]}, {"type": "apple", "idList": ["APPLE:HT210947", "APPLE:HT210918", "APPLE:HT210922", "APPLE:HT210948", "APPLE:HT210923", "APPLE:HT210920"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0278-1"]}, {"type": "kaspersky", "idList": ["KLA11650", "KLA11651"]}, {"type": "talosblog", "idList": ["TALOSBLOG:05E3F5C3268BCA0F23A702005ACD5EDB"]}, {"type": "talos", "idList": ["TALOS-2019-0967"]}, {"type": "thn", "idList": ["THN:1D059A29F13AF81A28C2D2770E5CD2E6"]}, {"type": "threatpost", "idList": ["THREATPOST:ABBA6B89522F29EE1F01F3D010F46FC0", "THREATPOST:2334EE5F6C03FC3ECE377B9BD44BA4E7"]}, {"type": "gentoo", "idList": ["GLSA-202003-22"]}, {"type": "redhat", "idList": ["RHSA-2021:0436", "RHSA-2020:4035", "RHSA-2021:0190", "RHSA-2021:0799", "RHSA-2020:5633", "RHSA-2021:0050", "RHSA-2020:5635", "RHSA-2020:4451", "RHSA-2020:5605"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4035", "ELSA-2020-4451"]}, {"type": "amazon", "idList": ["ALAS2-2020-1563"]}, {"type": "centos", "idList": ["CESA-2020:4035"]}], "modified": "2020-03-04T16:43:56", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2020-03-04T16:43:56", "rev": 2}, "vulnersScore": 6.9}, "pluginID": "1361412562310877501", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877501\");\n script_version(\"2020-02-26T06:23:50+0000\");\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-26 06:23:50 +0000 (Wed, 26 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-23 04:03:46 +0000 (Sun, 23 Feb 2020)\");\n script_name(\"Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-4d11d35a1f)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-4d11d35a1f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RB2OVFRPHSSO6PKCS5CIG4GOECOOZ3H2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the FEDORA-2020-4d11d35a1f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"WebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform.\n\nThis package contains WebKit2 based WebKitGTK for GTK 3.\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk3' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3\", rpm:\"webkit2gtk3~2.26.4~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "naslFamily": "Fedora Local Security Checks", "immutableFields": []}
{"nessus": [{"lastseen": "2020-09-18T11:03:48", "description": "A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-19T00:00:00", "title": "Ubuntu 18.04 LTS / 19.10 : WebKitGTK+ vulnerabilities (USN-4281-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868"], "modified": "2020-02-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.10"], "id": "UBUNTU_USN-4281-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133794", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4281-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133794);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_xref(name:\"USN\", value:\"4281-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 19.10 : WebKitGTK+ vulnerabilities (USN-4281-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4281-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.26.4-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.26.4-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.26.4-0ubuntu0.19.10.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.26.4-0ubuntu0.19.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:14:35", "description": "The following vulnerabilities have been discovered in the webkit2gtk\nweb engine :\n\n - CVE-2020-3862\n Srikanth Gatta discovered that a malicious website may\n be able to cause a denial of service.\n\n - CVE-2020-3864\n Ryan Pickren discovered that a DOM object context may\n not have had a unique security origin.\n\n - CVE-2020-3865\n Ryan Pickren discovered that a top-level DOM object\n context may have incorrectly been considered secure.\n\n - CVE-2020-3867\n An anonymous researcher discovered that processing\n maliciously crafted web content may lead to universal\n cross site scripting.\n\n - CVE-2020-3868\n Marcin Towalski discovered that processing maliciously\n crafted web content may lead to arbitrary code\n execution.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-18T00:00:00", "title": "Debian DSA-4627-1 : webkit2gtk - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868"], "modified": "2020-02-18T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:webkit2gtk"], "id": "DEBIAN_DSA-4627.NASL", "href": "https://www.tenable.com/plugins/nessus/133734", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4627. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133734);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_xref(name:\"DSA\", value:\"4627\");\n\n script_name(english:\"Debian DSA-4627-1 : webkit2gtk - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following vulnerabilities have been discovered in the webkit2gtk\nweb engine :\n\n - CVE-2020-3862\n Srikanth Gatta discovered that a malicious website may\n be able to cause a denial of service.\n\n - CVE-2020-3864\n Ryan Pickren discovered that a DOM object context may\n not have had a unique security origin.\n\n - CVE-2020-3865\n Ryan Pickren discovered that a top-level DOM object\n context may have incorrectly been considered secure.\n\n - CVE-2020-3867\n An anonymous researcher discovered that processing\n maliciously crafted web content may lead to universal\n cross site scripting.\n\n - CVE-2020-3868\n Marcin Towalski discovered that processing maliciously\n crafted web content may lead to arbitrary code\n execution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-3868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4627\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.26.4-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-javascriptcoregtk-4.0\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-webkit2-4.0\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-18\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-bin\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-dev\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37-gtk2\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-dev\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-doc\", reference:\"2.26.4-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"webkit2gtk-driver\", reference:\"2.26.4-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T00:07:15", "description": "The WebKitGTK project reports multiple vulnerabilities.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-20T00:00:00", "title": "FreeBSD : webkit-gtk3 -- Multiple vulnerabilities (1cb0af4e-d641-4f99-9432-297a89447a97)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868"], "modified": "2020-02-20T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:webkit2-gtk3"], "id": "FREEBSD_PKG_1CB0AF4ED6414F999432297A89447A97.NASL", "href": "https://www.tenable.com/plugins/nessus/133822", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133822);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n\n script_name(english:\"FreeBSD : webkit-gtk3 -- Multiple vulnerabilities (1cb0af4e-d641-4f99-9432-297a89447a97)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"The WebKitGTK project reports multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2020-0002.html\"\n );\n # https://vuxml.freebsd.org/freebsd/1cb0af4e-d641-4f99-9432-297a89447a97.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e3064b1a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit2-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit2-gtk3<2.26.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T00:03:56", "description": " - Always use a light theme for rendering form controls.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-3862, CVE-2020-3864,\n CVE-2020-3865, CVE-2020-3867, CVE-2020-3868\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-20T00:00:00", "title": "Fedora 31 : webkit2gtk3 (2020-3269917c2f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868"], "modified": "2020-02-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-3269917C2F.NASL", "href": "https://www.tenable.com/plugins/nessus/133819", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-3269917c2f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133819);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_xref(name:\"FEDORA\", value:\"2020-3269917c2f\");\n\n script_name(english:\"Fedora 31 : webkit2gtk3 (2020-3269917c2f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Always use a light theme for rendering form controls.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-3862, CVE-2020-3864,\n CVE-2020-3865, CVE-2020-3867, CVE-2020-3868\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-3269917c2f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"webkit2gtk3-2.26.4-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T00:04:01", "description": " - Always use a light theme for rendering form controls.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-3862, CVE-2020-3864,\n CVE-2020-3865, CVE-2020-3867, CVE-2020-3868\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-24T00:00:00", "title": "Fedora 30 : webkit2gtk3 (2020-4d11d35a1f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868"], "modified": "2020-02-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:webkit2gtk3"], "id": "FEDORA_2020-4D11D35A1F.NASL", "href": "https://www.tenable.com/plugins/nessus/133885", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-4d11d35a1f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133885);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_xref(name:\"FEDORA\", value:\"2020-4d11d35a1f\");\n\n script_name(english:\"Fedora 30 : webkit2gtk3 (2020-4d11d35a1f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Always use a light theme for rendering form controls.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-3862, CVE-2020-3864,\n CVE-2020-3865, CVE-2020-3867, CVE-2020-3868\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-4d11d35a1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"webkit2gtk3-2.26.4-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T02:08:31", "description": "This update for webkit2gtk3 to version 2.26.4 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2019-8835: Fixed multiple memory corruption issues\n (bsc#1161719).\n\n - CVE-2019-8844: Fixed multiple memory corruption issues\n (bsc#1161719).\n\n - CVE-2019-8846: Fixed a use-after-free issue\n (bsc#1161719).\n\n - CVE-2020-3862: Fixed a memory handling issue\n (bsc#1163809).\n\n - CVE-2020-3864: Fixed a logic issue in the DOM object\n context handling (bsc#1163809).\n\n - CVE-2020-3865: Fixed a logic issue in the DOM object\n context handling (bsc#1163809).\n\n - CVE-2020-3867: Fixed an XSS issue (bsc#1163809).\n\n - CVE-2020-3868: Fixed multiple memory corruption issues\n that could have lead to arbitrary code execution\n (bsc#1163809).\n\nNon-security issues fixed :\n\n - Fixed issues while trying to play a video on NextCloud.\n\n - Fixed vertical alignment of text containing arabic\n diacritics.\n\n - Fixed build with icu 65.1.\n\n - Fixed page loading errors with websites using HSTS.\n\n - Fixed web process crash when displaying a KaTeX formula.\n\n - Fixed several crashes and rendering issues.\n\n - Switched to a single web process for Evolution and geary\n (bsc#1159329 glgo#GNOME/evolution#587).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-03-02T00:00:00", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2020-278)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8844", "CVE-2020-3865", "CVE-2019-8846", "CVE-2020-3862", "CVE-2020-3867", "CVE-2019-8835", "CVE-2020-3864", "CVE-2020-3868"], "modified": "2020-03-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo"], "id": "OPENSUSE-2020-278.NASL", "href": "https://www.tenable.com/plugins/nessus/134198", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-278.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134198);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/10\");\n\n script_cve_id(\"CVE-2019-8835\", \"CVE-2019-8844\", \"CVE-2019-8846\", \"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2020-278)\");\n script_summary(english:\"Check for the openSUSE-2020-278 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.26.4 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2019-8835: Fixed multiple memory corruption issues\n (bsc#1161719).\n\n - CVE-2019-8844: Fixed multiple memory corruption issues\n (bsc#1161719).\n\n - CVE-2019-8846: Fixed a use-after-free issue\n (bsc#1161719).\n\n - CVE-2020-3862: Fixed a memory handling issue\n (bsc#1163809).\n\n - CVE-2020-3864: Fixed a logic issue in the DOM object\n context handling (bsc#1163809).\n\n - CVE-2020-3865: Fixed a logic issue in the DOM object\n context handling (bsc#1163809).\n\n - CVE-2020-3867: Fixed an XSS issue (bsc#1163809).\n\n - CVE-2020-3868: Fixed multiple memory corruption issues\n that could have lead to arbitrary code execution\n (bsc#1163809).\n\nNon-security issues fixed :\n\n - Fixed issues while trying to play a video on NextCloud.\n\n - Fixed vertical alignment of text containing arabic\n diacritics.\n\n - Fixed build with icu 65.1.\n\n - Fixed page loading errors with websites using HSTS.\n\n - Fixed web process crash when displaying a KaTeX formula.\n\n - Fixed several crashes and rendering issues.\n\n - Switched to a single web process for Evolution and geary\n (bsc#1159329 glgo#GNOME/evolution#587).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1161719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1163809\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk3-lang-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2-4_0-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-debugsource-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-devel-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.26.4-lp151.2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.26.4-lp151.2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:25:47", "description": "This update for webkit2gtk3 to version 2.26.4 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).\n\nCVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).\n\nCVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).\n\nCVE-2020-3862: Fixed a memory handling issue (bsc#1163809).\n\nCVE-2020-3864: Fixed a logic issue in the DOM object context handling\n(bsc#1163809).\n\nCVE-2020-3865: Fixed a logic issue in the DOM object context handling\n(bsc#1163809).\n\nCVE-2020-3867: Fixed an XSS issue (bsc#1163809).\n\nCVE-2020-3868: Fixed multiple memory corruption issues that could have\nlead to arbitrary code execution (bsc#1163809).\n\nNon-security issues fixed: Fixed issues while trying to play a video\non NextCloud.\n\nFixed vertical alignment of text containing arabic diacritics.\n\nFixed build with icu 65.1.\n\nFixed page loading errors with websites using HSTS.\n\nFixed web process crash when displaying a KaTeX formula.\n\nFixed several crashes and rendering issues.\n\nSwitched to a single web process for Evolution and geary (bsc#1159329\nglgo#GNOME/evolution#587).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-26T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:0468-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8844", "CVE-2020-3865", "CVE-2019-8846", "CVE-2020-3862", "CVE-2020-3867", "CVE-2019-8835", "CVE-2020-3864", "CVE-2020-3868"], "modified": "2020-02-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:webkit-jsc", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk3-minibrowser", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo"], "id": "SUSE_SU-2020-0468-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0468-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134082);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-8835\", \"CVE-2019-8844\", \"CVE-2019-8846\", \"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:0468-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.26.4 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).\n\nCVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).\n\nCVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).\n\nCVE-2020-3862: Fixed a memory handling issue (bsc#1163809).\n\nCVE-2020-3864: Fixed a logic issue in the DOM object context handling\n(bsc#1163809).\n\nCVE-2020-3865: Fixed a logic issue in the DOM object context handling\n(bsc#1163809).\n\nCVE-2020-3867: Fixed an XSS issue (bsc#1163809).\n\nCVE-2020-3868: Fixed multiple memory corruption issues that could have\nlead to arbitrary code execution (bsc#1163809).\n\nNon-security issues fixed: Fixed issues while trying to play a video\non NextCloud.\n\nFixed vertical alignment of text containing arabic diacritics.\n\nFixed build with icu 65.1.\n\nFixed page loading errors with websites using HSTS.\n\nFixed web process crash when displaying a KaTeX formula.\n\nFixed several crashes and rendering issues.\n\nSwitched to a single web process for Evolution and geary (bsc#1159329\nglgo#GNOME/evolution#587).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8835/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8844/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-8846/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-3862/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-3864/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-3865/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-3867/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-3868/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200468-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96317c8c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15:zypper in -t patch\nSUSE-SLE-Product-SLES_SAP-15-2020-468=1\n\nSUSE Linux Enterprise Server 15-LTSS:zypper in -t patch\nSUSE-SLE-Product-SLES-15-2020-468=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-468=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2020-468=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-468=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2020-468=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2020-468=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2020-468=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS:zypper in -t\npatch SUSE-SLE-Product-HPC-15-2020-468=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS:zypper in -t\npatch SUSE-SLE-Product-HPC-15-2020-468=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit-jsc-4-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit-jsc-4-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-minibrowser-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit-jsc-4-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit-jsc-4-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-minibrowser-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.26.4-3.43.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.26.4-3.43.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T15:40:56", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.10.4. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the HT210923 advisory. Note that Nessus has not tested for this issue but\nhas instead relied only on the application's self-reported version number.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-03-05T00:00:00", "title": "Apple iTunes < 12.10.4 Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3825", "CVE-2020-3865", "CVE-2020-3861", "CVE-2020-3826", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868", "CVE-2020-3846"], "modified": "2020-03-05T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_10_4_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/134221", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134221);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/06\");\n\n script_cve_id(\n \"CVE-2020-3825\",\n \"CVE-2020-3826\",\n \"CVE-2020-3846\",\n \"CVE-2020-3861\",\n \"CVE-2020-3862\",\n \"CVE-2020-3864\",\n \"CVE-2020-3865\",\n \"CVE-2020-3867\",\n \"CVE-2020-3868\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT210923\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-1-28-6\");\n\n script_name(english:\"Apple iTunes < 12.10.4 Multiple Vulnerabilities (uncredentialed check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is prior to 12.10.4. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the HT210923 advisory. Note that Nessus has not tested for this issue but\nhas instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT210923\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.10.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3826\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"installed_sw/iTunes DAAP\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('http.inc');\ninclude('vcf.inc');\n\napp = 'iTunes DAAP';\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\napp_info = vcf::get_app_info(app:app, port:port);\nif (app_info.Type != 'Windows') audit(AUDIT_OS_NOT, 'Windows');\nconstraints = [{'fixed_version':'12.10.4'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T15:40:56", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.10.4. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the HT210923 advisory. Note that Nessus has not tested for this issue but has\ninstead relied only on the application's self-reported version number.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-03-05T00:00:00", "title": "Apple iTunes < 12.10.4 Multiple Vulnerabilities (credentialed check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3825", "CVE-2020-3865", "CVE-2020-3861", "CVE-2020-3826", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868", "CVE-2020-3846"], "modified": "2020-03-05T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_10_4.NASL", "href": "https://www.tenable.com/plugins/nessus/134222", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134222);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/06\");\n\n script_cve_id(\n \"CVE-2020-3825\",\n \"CVE-2020-3826\",\n \"CVE-2020-3846\",\n \"CVE-2020-3861\",\n \"CVE-2020-3862\",\n \"CVE-2020-3864\",\n \"CVE-2020-3865\",\n \"CVE-2020-3867\",\n \"CVE-2020-3868\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT210923\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-1-28-6\");\n\n script_name(english:\"Apple iTunes < 12.10.4 Multiple Vulnerabilities (credentialed check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is prior to 12.10.4. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the HT210923 advisory. Note that Nessus has not tested for this issue but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT210923\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.10.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3826\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\ninclude('vcf.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\napp_info = vcf::get_app_info(app:'iTunes Version', win_local:TRUE);\nconstraints = [{'fixed_version':'12.10.4'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-15T10:50:39", "description": "According to its version, the iCloud application installed on the remote Windows host is 7.x prior to 7.17. \nIt is, therefore, affected by multiple vulnerabilities:\n\n - An arbitrary code execution vulnerability exist with in the WebKit due to multiple memory \n corruption issues. An unauthenticated, remote attacker can exploit this by processing maliciously crafted\n web content that may lead to arbitrary code execution. (CVE-2020-3825, CVE-2020-3865, CVE-2020-3868)\n \n - An arbitrary code execution vulnerability exist with in the WebKit due to out-of-bounds read \n issues. An unauthenticated, remote attacker can exploit this by processing a maliciously crafted image \n that may lead to arbitrary code execution. (CVE-2020-3826) \n\n - An arbitrary code execution vulnerability exist with in the WebKit due to buffer overflow \n issues. An unauthenticated, remote attacker can exploit this by processing maliciously crafted XML file\n that may lead to an unexpected application termination or arbitrary code execution. (CVE-2020-3846)\n\n - An arbitrary code execution vulnerability exist with in the WebKit due to denial of service \n issues. A malicious website may be able to cause a denial of service. (CVE-2020-3862)\n\n - An arbitrary code execution vulnerability exist with in the WebKit due to logic issues. \n An unauthenticated, remote attacker can exploit this by processing maliciously crafted web content that \n may lead to universal cross site scripting(css). (CVE-2020-3867)", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-02T00:00:00", "title": "Apple iCloud 7.x < 7.17 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3825", "CVE-2020-3865", "CVE-2020-3826", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3846"], "modified": "2020-07-02T00:00:00", "cpe": ["cpe:/a:apple:icloud_for_windows"], "id": "ICLOUD_7_17.NASL", "href": "https://www.tenable.com/plugins/nessus/138077", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138077);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/14\");\n\n script_cve_id(\n \"CVE-2020-3825\",\n \"CVE-2020-3826\",\n \"CVE-2020-3846\",\n \"CVE-2020-3862\",\n \"CVE-2020-3865\",\n \"CVE-2020-3867\",\n \"CVE-2020-3868\"\n );\n\n script_name(english:\"Apple iCloud 7.x < 7.17 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An iCloud software installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the iCloud application installed on the remote Windows host is 7.x prior to 7.17. \nIt is, therefore, affected by multiple vulnerabilities:\n\n - An arbitrary code execution vulnerability exist with in the WebKit due to multiple memory \n corruption issues. An unauthenticated, remote attacker can exploit this by processing maliciously crafted\n web content that may lead to arbitrary code execution. (CVE-2020-3825, CVE-2020-3865, CVE-2020-3868)\n \n - An arbitrary code execution vulnerability exist with in the WebKit due to out-of-bounds read \n issues. An unauthenticated, remote attacker can exploit this by processing a maliciously crafted image \n that may lead to arbitrary code execution. (CVE-2020-3826) \n\n - An arbitrary code execution vulnerability exist with in the WebKit due to buffer overflow \n issues. An unauthenticated, remote attacker can exploit this by processing maliciously crafted XML file\n that may lead to an unexpected application termination or arbitrary code execution. (CVE-2020-3846)\n\n - An arbitrary code execution vulnerability exist with in the WebKit due to denial of service \n issues. A malicious website may be able to cause a denial of service. (CVE-2020-3862)\n\n - An arbitrary code execution vulnerability exist with in the WebKit due to logic issues. \n An unauthenticated, remote attacker can exploit this by processing maliciously crafted web content that \n may lead to universal cross site scripting(css). (CVE-2020-3867)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT210948\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to iCloud version 7.17 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-3868\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:icloud_for_windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"icloud_installed.nasl\");\n script_require_keys(\"installed_sw/iCloud\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'iCloud';\n\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [\n {'min_version' : '7.0', 'fixed_version' : '7.17'},\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868"], "description": "Arch Linux Security Advisory ASA-202002-10\n==========================================\n\nSeverity: High\nDate : 2020-02-17\nCVE-ID : CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867\nCVE-2020-3868\nPackage : webkit2gtk\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1100\n\nSummary\n=======\n\nThe package webkit2gtk before version 2.26.4-1 is vulnerable to\nmultiple issues including arbitrary code execution, cross-site\nscripting, sandbox escape, denial of service and same-origin policy\nbypass.\n\nResolution\n==========\n\nUpgrade to 2.26.4-1.\n\n# pacman -Syu \"webkit2gtk>=2.26.4-1\"\n\nThe problems have been fixed upstream in version 2.26.4.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-3862 (denial of service)\n\nA malicious website may be able to cause a denial of service.\n\n- CVE-2020-3864 (same-origin policy bypass)\n\nA DOM object context may not have had a unique security origin.\n\n- CVE-2020-3865 (sandbox escape)\n\nA top-level DOM object context may have incorrectly been considered\nsecure.\n\n- CVE-2020-3867 (cross-site scripting)\n\nProcessing maliciously crafted web content may lead to universal cross\nsite scripting.\n\n- CVE-2020-3868 (arbitrary code execution)\n\nProcessing maliciously crafted web content may lead to arbitrary code\nexecution. Credit to Marcin Towalski of Cisco Talos.\n\nImpact\n======\n\nA remote attacker can bypass security restrictions via universal cross-\nsite scripting or execute arbitrary code via crafted web content.\n\nReferences\n==========\n\nhttps://webkitgtk.org/security/WSA-2020-0002.html\nhttps://security.archlinux.org/CVE-2020-3862\nhttps://security.archlinux.org/CVE-2020-3864\nhttps://security.archlinux.org/CVE-2020-3865\nhttps://security.archlinux.org/CVE-2020-3867\nhttps://security.archlinux.org/CVE-2020-3868", "modified": "2020-02-17T00:00:00", "published": "2020-02-17T00:00:00", "id": "ASA-202002-10", "href": "https://security.archlinux.org/ASA-202002-10", "type": "archlinux", "title": "[ASA-202002-10] webkit2gtk: multiple issues", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T00:53:14", "bulletinFamily": "unix", "cvelist": ["CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4627-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nFebruary 17, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nCVE ID : CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 \n CVE-2020-3868\n\nThe following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\nCVE-2020-3862\n\n Srikanth Gatta discovered that a malicious website may be able to\n cause a denial of service.\n\nCVE-2020-3864\n\n Ryan Pickren discovered that a DOM object context may not have had\n a unique security origin.\n\nCVE-2020-3865\n\n Ryan Pickren discovered that a top-level DOM object context may\n have incorrectly been considered secure.\n\nCVE-2020-3867\n\n An anonymous researcher discovered that processing maliciously\n crafted web content may lead to universal cross site scripting.\n\nCVE-2020-3868\n\n Marcin Towalski discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.26.4-1~deb10u1.\n\nWe recommend that you upgrade your webkit2gtk packages.\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2020-02-17T20:49:01", "published": "2020-02-17T20:49:01", "id": "DEBIAN:DSA-4627-1:5CD4F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00030.html", "title": "[SECURITY] [DSA 4627-1] webkit2gtk security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868"], "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "modified": "2020-02-23T01:09:49", "published": "2020-02-23T01:09:49", "id": "FEDORA:9F6FE6049CB5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: webkit2gtk3-2.26.4-1.fc30", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868"], "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "modified": "2020-02-20T05:05:30", "published": "2020-02-20T05:05:30", "id": "FEDORA:6C66A601463F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: webkit2gtk3-2.26.4-1.fc31", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:32:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868"], "description": "A large number of security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.", "edition": 3, "modified": "2020-02-18T00:00:00", "published": "2020-02-18T00:00:00", "id": "USN-4281-1", "href": "https://ubuntu.com/security/notices/USN-4281-1", "title": "WebKitGTK+ vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2020-03-04T16:33:30", "bulletinFamily": "unix", "cvelist": ["CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868"], "description": "\nThe WebKitGTK project reports multiple vulnerabilities.\n", "edition": 2, "modified": "2020-02-14T00:00:00", "published": "2020-02-14T00:00:00", "id": "1CB0AF4E-D641-4F99-9432-297A89447A97", "href": "https://vuxml.freebsd.org/freebsd/1cb0af4e-d641-4f99-9432-297a89447a97.html", "title": "webkit-gtk3 -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-03-04T16:54:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868"], "description": "The remote host is missing an update for the ", "modified": "2020-02-20T00:00:00", "published": "2020-02-19T00:00:00", "id": "OPENVAS:1361412562310844344", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844344", "type": "openvas", "title": "Ubuntu: Security Advisory for webkit2gtk (USN-4281-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844344\");\n script_version(\"2020-02-20T11:12:08+0000\");\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-20 11:12:08 +0000 (Thu, 20 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-19 04:01:12 +0000 (Wed, 19 Feb 2020)\");\n script_name(\"Ubuntu: Security Advisory for webkit2gtk (USN-4281-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4281-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-February/005330.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the USN-4281-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. If a user were tricked into viewing a malicious\nwebsite, a remote attacker could exploit a variety of issues related to web\nbrowser security, including cross-site scripting attacks, denial of service\nattacks, and arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.26.4-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.26.4-0ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.26.4-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.26.4-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-04T16:55:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868"], "description": "The remote host is missing an update for the ", "modified": "2020-02-19T00:00:00", "published": "2020-02-19T00:00:00", "id": "OPENVAS:1361412562310704627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704627", "type": "openvas", "title": "Debian: Security Advisory for webkit2gtk (DSA-4627-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704627\");\n script_version(\"2020-02-19T04:00:13+0000\");\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-19 04:00:13 +0000 (Wed, 19 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-19 04:00:13 +0000 (Wed, 19 Feb 2020)\");\n script_name(\"Debian: Security Advisory for webkit2gtk (DSA-4627-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4627.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4627-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the DSA-4627-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\nCVE-2020-3862\nSrikanth Gatta discovered that a malicious website may be able to\ncause a denial of service.\n\nCVE-2020-3864\nRyan Pickren discovered that a DOM object context may not have had\na unique security origin.\n\nCVE-2020-3865\nRyan Pickren discovered that a top-level DOM object context may\nhave incorrectly been considered secure.\n\nCVE-2020-3867\nAn anonymous researcher discovered that processing maliciously\ncrafted web content may lead to universal cross site scripting.\n\nCVE-2020-3868\nMarcin Towalski discovered that processing maliciously crafted web\ncontent may lead to arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (buster), these problems have been fixed in\nversion 2.26.4-1~deb10u1.\n\nWe recommend that you upgrade your webkit2gtk packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"gir1.2-javascriptcoregtk-4.0\", ver:\"2.26.4-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gir1.2-webkit2-4.0\", ver:\"2.26.4-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.26.4-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-bin\", ver:\"2.26.4-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-dev\", ver:\"2.26.4-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.26.4-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37-gtk2\", ver:\"2.26.4-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-dev\", ver:\"2.26.4-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-doc\", ver:\"2.26.4-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"webkit2gtk-driver\", ver:\"2.26.4-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-04T16:41:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868"], "description": "The remote host is missing an update for the ", "modified": "2020-02-26T00:00:00", "published": "2020-02-21T00:00:00", "id": "OPENVAS:1361412562310877494", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877494", "type": "openvas", "title": "Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-3269917c2f)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877494\");\n script_version(\"2020-02-26T06:23:50+0000\");\n script_cve_id(\"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-26 06:23:50 +0000 (Wed, 26 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-21 04:04:26 +0000 (Fri, 21 Feb 2020)\");\n script_name(\"Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-3269917c2f)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-3269917c2f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KT3SN6UVVMJTFCVC7I5BWDJFFXTE33EB\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the FEDORA-2020-3269917c2f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"WebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform.\n\nThis package contains WebKit2 based WebKitGTK for GTK 3.\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk3' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3\", rpm:\"webkit2gtk3~2.26.4~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-05T16:38:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-8844", "CVE-2020-3865", "CVE-2019-8846", "CVE-2020-3862", "CVE-2020-3867", "CVE-2019-8835", "CVE-2020-3864", "CVE-2020-3868"], "description": "The remote host is missing an update for the ", "modified": "2020-03-03T00:00:00", "published": "2020-03-03T00:00:00", "id": "OPENVAS:1361412562310853057", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853057", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2020:0278-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853057\");\n script_version(\"2020-03-03T12:05:12+0000\");\n script_cve_id(\"CVE-2019-8835\", \"CVE-2019-8844\", \"CVE-2019-8846\", \"CVE-2020-3862\", \"CVE-2020-3864\", \"CVE-2020-3865\", \"CVE-2020-3867\", \"CVE-2020-3868\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-03 12:05:12 +0000 (Tue, 03 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-03 04:01:23 +0000 (Tue, 03 Mar 2020)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2020:0278-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0278-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2020:0278-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.26.4 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).\n\n - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).\n\n - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).\n\n - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809).\n\n - CVE-2020-3864: Fixed a logic issue in the DOM object context handling\n (bsc#1163809).\n\n - CVE-2020-3865: Fixed a logic issue in the DOM object context handling\n (bsc#1163809).\n\n - CVE-2020-3867: Fixed an XSS issue (bsc#1163809).\n\n - CVE-2020-3868: Fixed multiple memory corruption issues that could have\n lead to arbitrary code execution (bsc#1163809).\n\n Non-security issues fixed:\n\n - Fixed issues while trying to play a video on NextCloud.\n\n - Fixed vertical alignment of text containing arabic diacritics.\n\n - Fixed build with icu 65.1.\n\n - Fixed page loading errors with websites using HSTS.\n\n - Fixed web process crash when displaying a KaTeX formula.\n\n - Fixed several crashes and rendering issues.\n\n - Switched to a single web process for Evolution and geary (bsc#1159329\n glgo#GNOME/evolution#587).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-278=1\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk3' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser\", rpm:\"webkit2gtk3-minibrowser~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser-debuginfo\", rpm:\"webkit2gtk3-minibrowser-debuginfo~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-32bit-debuginfo~2.26.4~lp151.2.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T07:37:08", "description": "A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service.", "edition": 15, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-02-27T21:15:00", "title": "CVE-2020-3862", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3862"], "modified": "2020-03-15T07:15:00", "cpe": ["cpe:/a:apple:icloud:10.8", "cpe:/o:opensuse:leap:15.1"], "id": "CVE-2020-3862", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3862", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apple:icloud:10.8:*:*:*:*:windows:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:37:08", "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.", "edition": 15, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-27T21:15:00", "title": "CVE-2020-3865", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3865"], "modified": "2020-03-15T07:15:00", "cpe": ["cpe:/a:apple:icloud:10.8", "cpe:/o:opensuse:leap:15.1"], "id": "CVE-2020-3865", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3865", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:icloud:10.8:*:*:*:*:windows:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:37:08", "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.", "edition": 15, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-27T21:15:00", "title": "CVE-2020-3868", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3868"], "modified": "2020-03-15T07:15:00", "cpe": ["cpe:/a:apple:icloud:10.8", "cpe:/o:opensuse:leap:15.1"], "id": "CVE-2020-3868", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3868", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apple:icloud:10.8:*:*:*:*:windows:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:37:08", "description": "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.", "edition": 15, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-02-27T21:15:00", "title": "CVE-2020-3867", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3867"], "modified": "2020-03-15T07:15:00", "cpe": ["cpe:/a:apple:icloud:10.8", "cpe:/o:opensuse:leap:15.1"], "id": "CVE-2020-3867", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3867", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apple:icloud:10.8:*:*:*:*:windows:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:37:08", "description": "A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-27T21:15:00", "title": "CVE-2020-3864", "type": "cve", "cwe": ["CWE-346"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3864"], "modified": "2020-10-30T01:32:00", "cpe": [], "id": "CVE-2020-3864", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3864", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "apple": [{"lastseen": "2020-12-24T20:44:53", "bulletinFamily": "software", "cvelist": ["CVE-2020-3825", "CVE-2020-3865", "CVE-2020-3826", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868", "CVE-2020-3846"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 7.17\n\nReleased January 28, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3826: Samuel Gro\u00df of Google Project Zero\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-3846: Ranier Vilela\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-3867: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2020-3825: Przemys\u0142aw Sporysz of Euvic\n\nCVE-2020-3868: Marcin Towalski of Cisco Talos\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2020-3862: Srikanth Gatta of Google Chrome\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: A top-level DOM object context may have incorrectly been considered secure\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3865: Ryan Pickren (ryanpickren.com)\n\nEntry added February 11, 2020\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: A DOM object context may not have had a unique security origin\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3864: Ryan Pickren (ryanpickren.com)\n\nEntry added February 11, 2020\n", "edition": 2, "modified": "2020-02-12T06:49:31", "published": "2020-02-12T06:49:31", "id": "APPLE:HT210948", "href": "https://support.apple.com/kb/HT210948", "title": "About the security content of iCloud for Windows 7.17 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:15", "bulletinFamily": "software", "cvelist": ["CVE-2020-3825", "CVE-2019-8827", "CVE-2020-3865", "CVE-2020-3826", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868", "CVE-2020-3846"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 10.9.2\n\nReleased January 29, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3826: Samuel Gro\u00df of Google Project Zero\n\n**libxml2**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-3846: Ranier Vilela\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-3867: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2020-3825: Przemys\u0142aw Sporysz of Euvic\n\nCVE-2020-3868: Marcin Towalski of Cisco Talos\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2020-3862: Srikanth Gatta of Google Chrome\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Visiting a maliciously crafted website may reveal the sites a user has visited\n\nDescription: The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin.\n\nCVE-2019-8827: Artur Janc, Krzysztof Kotowicz, Lukas Weichselbaum, and Roberto Clapis of Google Security Team\n\nEntry added February 3, 2020\n\n**WebKit Page Loading**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A top-level DOM object context may have incorrectly been considered secure\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3865: Ryan Pickren (ryanpickren.com)\n\nEntry added February 11, 2020\n\n**WebKit Page Loading**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A DOM object context may not have had a unique security origin\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3864: Ryan Pickren (ryanpickren.com)\n\nEntry added February 11, 2020\n", "edition": 2, "modified": "2020-02-11T08:43:39", "published": "2020-02-11T08:43:39", "id": "APPLE:HT210947", "href": "https://support.apple.com/kb/HT210947", "title": "About the security content of iCloud for Windows 10.9.2 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:09", "bulletinFamily": "software", "cvelist": ["CVE-2020-3825", "CVE-2020-3865", "CVE-2020-3861", "CVE-2020-3826", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868", "CVE-2020-3846"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iTunes 12.10.4 for Windows\n\nReleased January 28, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3826: Samuel Gro\u00df of Google Project Zero\n\nEntry added January 29, 2020\n\n**libxml2**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-3846: Ranier Vilela\n\nEntry added January 29, 2020\n\n**Mobile Device Service**\n\nAvailable for: Windows 7 and later\n\nImpact: A user may gain access to protected parts of the file system\n\nDescription: The issue was addressed with improved permissions logic.\n\nCVE-2020-3861: Andrea Pierini (@decoder_it), Christian Danieli (@padovah4ck)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-3867: an anonymous researcher\n\nEntry added January 29, 2020\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2020-3825: Przemys\u0142aw Sporysz of Euvic\n\nCVE-2020-3868: Marcin Towalski of Cisco Talos\n\nEntry added January 29, 2020\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2020-3862: Srikanth Gatta of Google Chrome\n\nEntry added January 29, 2020\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: A top-level DOM object context may have incorrectly been considered secure\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3865: Ryan Pickren (ryanpickren.com)\n\nEntry added January 29, 2020, updated February 11, 2020\n\n**WebKit Page Loading**\n\nAvailable for: Windows 7 and later\n\nImpact: A DOM object context may not have had a unique security origin\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3864: Ryan Pickren (ryanpickren.com)\n\nEntry added February 11, 2020\n", "edition": 2, "modified": "2020-02-12T06:49:20", "published": "2020-02-12T06:49:20", "id": "APPLE:HT210923", "href": "https://support.apple.com/kb/HT210923", "title": "About the security content of iTunes 12.10.4 for Windows - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:59", "bulletinFamily": "software", "cvelist": ["CVE-2020-3825", "CVE-2020-3833", "CVE-2020-3841", "CVE-2020-9860", "CVE-2020-3865", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3852", "CVE-2020-3864", "CVE-2020-3868"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Safari 13.0.5\n\nReleased January 28, 2020\n\n**Safari**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution\n\nDescription: A custom URL scheme handling issue was addressed with improved input validation.\n\nCVE-2020-9860: CodeColorist of Ant-Financial LightYear Labs\n\nEntry added June 25, 2020\n\n**Safari**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2020-3833: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\n**Safari**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A URL scheme may be incorrectly ignored when determining multimedia permission for a website\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3852: Ryan Pickren (ryanpickren.com)\n\nEntry added February 6, 2020\n\n**Safari Login AutoFill**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A local user may unknowingly send a password unencrypted over the network\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2020-3841: Sebastian Bicchi (@secresDoge) from Sec-Research\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-3867: an anonymous researcher\n\nEntry added January 29, 2020\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2020-3825: Przemys\u0142aw Sporysz of Euvic\n\nCVE-2020-3868: Marcin Towalski of Cisco Talos\n\nEntry added January 29, 2020\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2020-3862: Srikanth Gatta of Google Chrome\n\nEntry added January 29, 2020 \n\n\n**WebKit Page Loading**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A top-level DOM object context may have incorrectly been considered secure\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3865: Ryan Pickren (ryanpickren.com)\n\nEntry added January 29, 2020, updated February 6, 2020\n\n**WebKit Page Loading**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A DOM object context may not have had a unique security origin\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3864: Ryan Pickren (ryanpickren.com)\n\nEntry added February 6, 2020\n", "edition": 3, "modified": "2020-06-25T07:57:40", "published": "2020-06-25T07:57:40", "id": "APPLE:HT210922", "href": "https://support.apple.com/kb/HT210922", "title": "About the security content of Safari 13.0.5 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:03", "bulletinFamily": "software", "cvelist": ["CVE-2020-3825", "CVE-2019-8836", "CVE-2020-3829", "CVE-2020-3856", "CVE-2020-3857", "CVE-2020-3878", "CVE-2020-3865", "CVE-2020-3826", "CVE-2020-3837", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3838", "CVE-2020-3853", "CVE-2020-3880", "CVE-2020-3842", "CVE-2020-3872", "CVE-2020-3875", "CVE-2020-3840", "CVE-2020-3870", "CVE-2020-3864", "CVE-2020-3836", "CVE-2020-3868", "CVE-2020-3846"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 13.3.1\n\nReleased January 28, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3826: Samuel Gro\u00df of Google Project Zero\n\nCVE-2020-3870\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\nCVE-2020-3880: Samuel Gro\u00df of Google Project Zero\n\nEntry updated April 4, 2020\n\n**IOAcceleratorFamily**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-3837: Brandon Azad of Google Project Zero\n\n**IOUSBDeviceFamily**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington\n\nEntry added June 22, 2020\n\n**IPSec**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution\n\nDescription: An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking.\n\nCVE-2020-3840: @littlelailo\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-3875: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-3872: Haakon Garseg M\u00f8rk of Cognite and Cim Stordal of Cognite\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2020-3836: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-3842: Ned Williamson working with Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-3853: Brandon Azad of Google Project Zero\n\n**libxml2**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-3846: Ranier Vilela\n\nEntry added January 29, 2020\n\n**libxpc**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted string may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-3856: Ian Beer of Google Project Zero\n\n**libxpc**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-3829: Ian Beer of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2020-3825: Przemys\u0142aw Sporysz of Euvic\n\nCVE-2020-3868: Marcin Towalski of Cisco Talos\n\nEntry updated January 29, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2020-3862: Srikanth Gatta of Google Chrome\n\nEntry added January 29, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-3867: an anonymous researcher\n\nEntry added January 29, 2020\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A top-level DOM object context may have incorrectly been considered secure\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3865: Ryan Pickren (ryanpickren.com)\n\nEntry added January 29, 2020, updated February 11, 2020\n\n**WebKit Page Loading**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A DOM object context may not have had a unique security origin\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3864: Ryan Pickren (ryanpickren.com)\n\nEntry added February 11, 2020\n\n**wifivelocityd**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: The issue was addressed with improved permissions logic.\n\nCVE-2020-3838: Dayton Pidhirney (@_watbulb)\n\n\n\n## Additional recognition\n\n**IOSurface**\n\nWe would like to acknowledge Liang Chen (@chenliang0817) for their assistance.\n", "edition": 3, "modified": "2020-06-22T04:31:02", "published": "2020-06-22T04:31:02", "id": "APPLE:HT210920", "href": "https://support.apple.com/kb/HT210920", "title": "About the security content of tvOS 13.3.1 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:55", "bulletinFamily": "software", "cvelist": ["CVE-2020-3825", "CVE-2019-8836", "CVE-2020-3873", "CVE-2020-3829", "CVE-2020-3841", "CVE-2020-3856", "CVE-2020-3869", "CVE-2020-3828", "CVE-2020-3831", "CVE-2020-3874", "CVE-2020-3858", "CVE-2020-3857", "CVE-2020-3878", "CVE-2020-3844", "CVE-2020-3865", "CVE-2020-3826", "CVE-2020-3837", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3838", "CVE-2020-3853", "CVE-2020-3880", "CVE-2020-3860", "CVE-2020-3842", "CVE-2020-3872", "CVE-2020-3875", "CVE-2020-3840", "CVE-2020-3859", "CVE-2020-3870", "CVE-2020-3864", "CVE-2020-3843", "CVE-2020-3836", "CVE-2020-3868", "CVE-2020-3846"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 13.3.1 and iPadOS 13.3.1\n\nReleased January 28, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team\n\n**FaceTime**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote FaceTime user may be able to cause the local user's camera self-view to display the incorrect camera\n\nDescription: An issue existed in the handling of the local user's self-view. The issue was corrected with improved logic.\n\nCVE-2020-3869: Elisa Lee\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3826: Samuel Gro\u00df of Google Project Zero\n\nCVE-2020-3870\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\nCVE-2020-3880: Samuel Gro\u00df of Google Project Zero\n\nEntry updated April 4, 2020\n\n**IOAcceleratorFamily**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-3837: Brandon Azad of Google Project Zero\n\n**IOUSBDeviceFamily**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8836: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington\n\nEntry added June 22, 2020\n\n**IPSec**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution\n\nDescription: An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking.\n\nCVE-2020-3840: @littlelailo\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-3875: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-3872: Haakon Garseg M\u00f8rk of Cognite and Cim Stordal of Cognite\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2020-3836: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-3842: Ned Williamson working with Google Project Zero\n\nCVE-2020-3858: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc, Luyi Xing of Indiana University Bloomington\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2020-3831: Chilik Tamir of Zimperium zLabs, Corellium, Proteas of Qihoo 360 Nirvan Team\n\nEntry updated March 19, 2020\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-3853: Brandon Azad of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-3860: Proteas of Qihoo 360 Nirvan Team\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-3846: Ranier Vilela\n\nEntry added January 29, 2020\n\n**libxpc**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted string may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-3856: Ian Beer of Google Project Zero\n\n**libxpc**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-3829: Ian Beer of Google Project Zero\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Turning off \"Load remote content in messages\u201d may not apply to all mail previews\n\nDescription: This issue was addressed with improved setting propagation.\n\nCVE-2020-3873: Alexander Heinrich (@Sn0wfreeze) of Technische Universit\u00e4t Darmstadt, Hudson Pridham of Bridgeable, Stuart Chapman\n\nEntry updated March 19, 2020\n\n**Messages**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A person with physical access to an iOS device may be able to access contacts from the lock screen\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2020-3859: Andrew Gonzalez, Simone PC\n\nEntry updated January 29, 2020\n\n**Messages**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Users removed from an iMessage conversation may still be able to alter state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-3844: Ayden Panhuyzen (@aydenpanhuyzen) and Jamie Bishop (@jamiebishop123) of Dynastic, Lance Rodgers of Oxon Hill High School\n\nEntry updated January 29, 2020\n\n**Phone**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A person with physical access to an iOS device may be able to access contacts from the lock screen\n\nDescription: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.\n\nCVE-2020-3828: an anonymous researcher\n\n**Safari Login AutoFill**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A local user may unknowingly send a password unencrypted over the network\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2020-3841: Sebastian Bicchi (@secresDoge) from Sec-Research\n\n**Screenshots**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Screenshots of the Messages app may reveal additional message content\n\nDescription: An issued existed in the naming of screenshots. The issue was corrected with improved naming.\n\nCVE-2020-3874: Nicolas Luckie of Durham College\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2020-3862: Srikanth Gatta of Google Chrome\n\nEntry added January 29, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2020-3825: Przemys\u0142aw Sporysz of Euvic\n\nCVE-2020-3868: Marcin Towalski of Cisco Talos\n\nEntry added January 29, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-3867: an anonymous researcher\n\nEntry added January 29, 2020\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A DOM object context may not have had a unique security origin\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3864: Ryan Pickren (ryanpickren.com)\n\nEntry added February 6, 2020\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A top-level DOM object context may have incorrectly been considered secure\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-3865: Ryan Pickren (ryanpickren.com)\n\nEntry added January 29, 2020, updated February 6, 2020\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-3843: Ian Beer of Google Project Zero\n\nEntry added February 6, 2020\n\n**wifivelocityd**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: The issue was addressed with improved permissions logic.\n\nCVE-2020-3838: Dayton Pidhirney (@_watbulb)\n\n\n\n## Additional recognition\n\n**IOSurface**\n\nWe would like to acknowledge Liang Chen (@chenliang0817) for their assistance.\n\n**Photos Storage**\n\nWe would like to acknowledge Allison Husain of UC Berkeley for their assistance.\n\nEntry updated March 19, 2020\n", "edition": 3, "modified": "2020-06-22T04:31:02", "published": "2020-06-22T04:31:02", "id": "APPLE:HT210918", "href": "https://support.apple.com/kb/HT210918", "title": "About the security content of iOS 13.3.1 and iPadOS 13.3.1 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2020-03-02T08:33:28", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8844", "CVE-2020-3865", "CVE-2019-8846", "CVE-2020-3862", "CVE-2020-3867", "CVE-2019-8835", "CVE-2020-3864", "CVE-2020-3868"], "description": "This update for webkit2gtk3 to version 2.26.4 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).\n - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).\n - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).\n - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809).\n - CVE-2020-3864: Fixed a logic issue in the DOM object context handling\n (bsc#1163809).\n - CVE-2020-3865: Fixed a logic issue in the DOM object context handling\n (bsc#1163809).\n - CVE-2020-3867: Fixed an XSS issue (bsc#1163809).\n - CVE-2020-3868: Fixed multiple memory corruption issues that could have\n lead to arbitrary code execution (bsc#1163809).\n\n Non-security issues fixed:\n\n - Fixed issues while trying to play a video on NextCloud.\n - Fixed vertical alignment of text containing arabic diacritics.\n - Fixed build with icu 65.1.\n - Fixed page loading errors with websites using HSTS.\n - Fixed web process crash when displaying a KaTeX formula.\n - Fixed several crashes and rendering issues.\n - Switched to a single web process for Evolution and geary (bsc#1159329\n glgo#GNOME/evolution#587).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-03-02T06:11:41", "published": "2020-03-02T06:11:41", "id": "OPENSUSE-SU-2020:0278-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html", "title": "Security update for webkit2gtk3 (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2020-09-02T11:47:48", "bulletinFamily": "info", "cvelist": ["CVE-2020-3825", "CVE-2019-8827", "CVE-2020-3865", "CVE-2020-3826", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868", "CVE-2020-3846"], "description": "### *Detect date*:\n01/28/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions.\n\n### *Affected products*:\nApple iCloud earlier than 7.17 \nApple iCloud earlier than 10.9.2\n\n### *Solution*:\nUpdate to the latest version \n[Download iCloud](<https://support.apple.com/en-us/HT204283>)\n\n### *Original advisories*:\n[HT210948](<https://support.apple.com/kb/HT210948>) \n[HT210947](<https://support.apple.com/kb/HT210947>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iCloud](<https://threats.kaspersky.com/en/product/Apple-iCloud/>)\n\n### *CVE-IDS*:\n[CVE-2020-3868](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868>)0.0Unknown \n[CVE-2020-3846](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3846>)0.0Unknown \n[CVE-2020-3826](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3826>)0.0Unknown \n[CVE-2020-3865](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865>)0.0Unknown \n[CVE-2020-3825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3825>)0.0Unknown \n[CVE-2020-3867](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867>)0.0Unknown \n[CVE-2020-3862](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862>)0.0Unknown \n[CVE-2019-8827](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8827>)0.0Unknown \n[CVE-2020-3864](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864>)0.0Unknown", "edition": 1, "modified": "2020-05-22T00:00:00", "published": "2020-01-28T00:00:00", "id": "KLA11650", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11650", "title": "\r KLA11650Multiple vulnerabilities in Apple iCloud ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:52:39", "bulletinFamily": "info", "cvelist": ["CVE-2020-3825", "CVE-2020-3865", "CVE-2020-3861", "CVE-2020-3826", "CVE-2020-3862", "CVE-2020-3867", "CVE-2020-3864", "CVE-2020-3868", "CVE-2020-3846"], "description": "### *Detect date*:\n01/28/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions.\n\n### *Affected products*:\nApple iTunes earlier than 12.10.4\n\n### *Solution*:\nUpdate to the latest version \n[Download iTunes](<https://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[HT210923](<https://support.apple.com/kb/HT210923>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2020-3868](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868>)0.0Unknown \n[CVE-2020-3846](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3846>)0.0Unknown \n[CVE-2020-3826](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3826>)0.0Unknown \n[CVE-2020-3865](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865>)0.0Unknown \n[CVE-2020-3825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3825>)0.0Unknown \n[CVE-2020-3867](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867>)0.0Unknown \n[CVE-2020-3862](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862>)0.0Unknown \n[CVE-2020-3861](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3861>)0.0Unknown \n[CVE-2020-3864](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864>)0.0Unknown", "edition": 1, "modified": "2020-05-22T00:00:00", "published": "2020-01-28T00:00:00", "id": "KLA11651", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11651", "title": "\r KLA11651Multiple vulnerabilities in Apple iTunes ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2020-02-12T15:31:29", "bulletinFamily": "blog", "cvelist": ["CVE-2020-3868"], "description": "[](<https://1.bp.blogspot.com/-4KmzPgCzEnI/XUgv9m3AF_I/AAAAAAAAAC4/C28-47fWukERV4yT0uQnA2_xuy2aB8ZkgCPcBGAYYCw/s1600/recurring%2Bblog%2Bimages_vuln%2Bspotlight.jpg>)\n\n_ \n__Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw._ \n \nThe Apple Safari web browser contains a remote code execution vulnerability in its Fonts feature. If a user were to open a malicious web page in Safari, they could trigger a type confusion, resulting in \n\n\n[](<https://1.bp.blogspot.com/-JXkSIehaKi4/XUgwEX6wLjI/AAAAAAAAAC8/8mea4rZfy7AGT_PIchejkERmCFmfdbxTACPcBGAYYCw/s1600/patch_availability_available.jpg>)\n\nmemory corruption and possibly arbitrary code execution. An attacker would need to trick the user into visiting the web page by some means to trigger this vulnerability. \n \nIn accordance with our coordinated disclosure policy, Cisco Talos worked with Apple to ensure that these issues are resolved and that [an update](<https://support.apple.com/en-us/HT201222>) is available for affected customers. \n \n\n\n### Vulnerability details\n\n**Apple Safari FontFaceSet remote code execution vulnerability (TALOS-2019-0967/CVE-2020-3868)** \n \nA type confusion vulnerability exists in the Fonts feature of Apple Safari, version 13.0.3. A specially crafted HTML web page can cause a type confusion, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, the target application needs to process a specially crafted HTML web page. \n \nRead the complete vulnerability advisory [here](<https://talosintelligence.com/vulnerability_reports/TALOS-2019-0967>) for additional information. \n \n\n\n### Versions tested\n\nTalos tested and confirmed that this vulnerability affects Safari, version 13.0.3 (15608.3.10.1.4); Safari technology preview release 96 (Safari 13.1, WebKit 15609.1.9.7) and Webkit GIT e4cd3b4fab6166d1288984ded40c588439dab925. \n \n\n\n### Coverage\n\nThe following SNORT\u24c7 rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org. \n \nSnort Rules: 52415, 52416 \n\n\n \n\n\n", "modified": "2020-02-12T05:44:00", "published": "2020-02-12T05:44:00", "id": "TALOSBLOG:05E3F5C3268BCA0F23A702005ACD5EDB", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/yY7ozCZSDyM/vuln-spotlight-apple-safari-code-execution-feb-2020.html", "type": "talosblog", "title": "Vulnerability Spotlight: Remote code execution vulnerability in Apple Safari", "cvss": {"score": 0.0, "vector": "NONE"}}], "talos": [{"lastseen": "2020-07-01T21:24:53", "bulletinFamily": "info", "cvelist": ["CVE-2020-3868"], "description": "# Talos Vulnerability Report\n\n### TALOS-2019-0967\n\n## Apple Safari FontFaceSet Remote Code Execution Vulnerability\n\n##### February 12, 2020\n\n##### CVE Number\n\nCVE-2020-3868\n\n### Summary\n\nA type confusion vulnerability exists in the Fonts feature of Apple Safari version 13.0.3. A specially crafted HTML web page can cause a type confusion, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted HTML web page needs to be processed by the target application.\n\n### Tested Versions\n\nSafari Version 13.0.3 (15608.3.10.1.4) Safari Technology Preview Release 96 (Safari 13.1, WebKit 15609.1.9.7) Webkit GIT e4cd3b4fab6166d1288984ded40c588439dab925\n\n### Product URLs\n\n<https://www.apple.com/safari/> <https://webkit.org/>\n\n### CVSSv3 Score\n\n8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-704: Incorrect Type Conversion or Cast\n\n### Details\n\nWebCore is the DOM rendering system for Webkit web browser engine which is utilized by many applications, including Apple Safari.\n\nThe supplied PoC code was tested and confirmed, on the current release branch of Safari, Technology Preview, as well as the latest git head version of WebKit.\n\nFontFaceSet object in Javascript exposes a `check` and `load` methods which are used to to load fonts. First parameter of these represents a font specification using standard CSS value syntax. The crux of this vulnerability lies in a way malformed font descriptions that contain certain CSS keywords are processed. Keywords that trigger this vulnerability are `inherit`, `unset` and `initial`. CSS font description parser returns an unexpected object type which is confused and results in a wild memory access. We can observe the following crashes with different CSS keywords.\n\nCrash with `unset` keyword: 0x10ec28e60 <+896>: cvttss2si %xmm1, %r12d 0x10ec28e65 <+901>: movq 0x8(%r14), %rax -> 0x10ec28e69 <+905>: movzwl 0x4(%rax), %ecx General Purpose Registers: rax = 0x0000d00000000001\n\nWe see a crash on the same instruction but with a different value with `initial` keyword:\n \n \n General Purpose Registers:\n rax = 0x0000c80000000001\n \n\nSimilarly, keyword `inherit` results in a crash with the following dereference:\n \n \n General Purpose Registers:\n rax = 0x0100c00000000001\n \n\nFurther analysis between debug and release version reveals more details. Debug build with modification of Webkit source code, crashes within function that is responsible for downcast:\n \n \n inline typename match_constness<Source, Target>::type& downcast(Source& source)\n {\n static_assert(!std::is_same<Source, Target>::value, \"Unnecessary cast to same type\");\n static_assert(std::is_base_of<Source, Target>::value, \"Should be a downcast\");\n ASSERT_WITH_SECURITY_IMPLICATION(is<Target>(source));\n return static_cast<typename match_constness<Source, Target>::type&>(source);\n }\n \n\nFrom this, we can see that there is an issue with casting 1st argument of function that has special CSS meaning to CSSFontStyleValue.\n\nThis type confusion results in a wild memory access. With more precise memory layout control, it is possible that this could result in further memory corruption.\n\n### Crash Information\n \n \n =================================================================\n ==78958==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000138f8 at pc 0x00015241ee57 bp 0x7ffee96a3600 sp 0x7ffee96a35f8\n READ of size 8 at 0x6020000138f8 thread T0\n ==78958==WARNING: invalid path to external symbolizer!\n ==78958==WARNING: Failed to use and restart external symbolizer!\n #0 0x15241ee56 in WTF::Ref<WebCore::CSSPrimitiveValue, WTF::DumbPtrTraits<WebCore::CSSPrimitiveValue> >::operator->() const (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9e0e56)\n #1 0x1535bf85f in WebCore::Style::BuilderConverter::convertFontStyleFromValue(WebCore::CSSValue const&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1b8185f)\n #2 0x154682607 in WebCore::computeFontSelectionRequest(WebCore::MutableStyleProperties&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2c44607)\n #3 0x15468186c in WebCore::CSSFontFaceSet::matchingFacesExcludingPreinstalledFonts(WTF::String const&, WTF::String const&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2c4386c)\n #4 0x15468425d in WebCore::CSSFontFaceSet::check(WTF::String const&, WTF::String const&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2c4625d)\n #5 0x15477eaec in WebCore::FontFaceSet::check(WTF::String const&, WTF::String const&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2d40aec)\n #6 0x15257a501 in WebCore::jsFontFaceSetPrototypeFunctionCheckBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFontFaceSet*, JSC::ThrowScope&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0xb3c501)\n #7 0x1524dad75 in long long WebCore::IDLOperation<WebCore::JSFontFaceSet>::call<&(WebCore::jsFontFaceSetPrototypeFunctionCheckBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFontFaceSet*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0xa9cd75)\n #8 0x572e5be0116a (<unknown module>)\n #9 0x16bb1bbf0 in llint_entry (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xa85bf0)\n #10 0x16bb1bbf0 in llint_entry (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xa85bf0)\n #11 0x16bb04f28 in vmEntryToJavaScript (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xa6ef28)\n #12 0x16d108a6b in JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x2072a6b)\n #13 0x16d725b10 in JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x268fb10)\n #14 0x16d725c11 in JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x268fc11)\n #15 0x16d725fef in JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x268ffef)\n #16 0x154322b5b in WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28e4b5b)\n #17 0x154349832 in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x290b832)\n #18 0x154a9d108 in WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul>, WebCore::EventTarget::EventInvokePhase) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x305f108)\n #19 0x154a984b7 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x305a4b7)\n #20 0x154a8573d in WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x304773d)\n #21 0x154a865c6 in WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x30485c6)\n #22 0x154a86073 in WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3048073)\n #23 0x154e901f8 in WebCore::HTMLDetailsElement::dispatchPendingEvent(WebCore::EventSender<WebCore::HTMLDetailsElement>*) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x34521f8)\n #24 0x154e93347 in WebCore::EventSender<WebCore::HTMLDetailsElement>::dispatchPendingEvents() (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3455347)\n #25 0x155af3c26 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x40b5c26)\n #26 0x155b739ce in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x41359ce)\n #27 0x7fff3805e703 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x5a703)\n #28 0x7fff3805e2bd in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x5a2bd)\n #29 0x7fff3805dcdd in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x59cdd)\n #30 0x7fff3803eb0c in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x3ab0c)\n #31 0x7fff3803dfe2 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x39fe2)\n #32 0x7fff3a6e26ec in -[NSRunLoop(NSRunLoop) runMode:beforeDate:] (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation:x86_64+0x1b6ec)\n #33 0x7fff3a6e2605 in -[NSRunLoop(NSRunLoop) run] (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation:x86_64+0x1b605)\n #34 0x7fff6f77e935 in _xpc_objc_main.cold.4 (/usr/lib/system/libxpc.dylib:x86_64+0x26935)\n #35 0x7fff6f76770c in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf70c)\n #36 0x7fff6f767227 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf227)\n #37 0x106e34d95 in WebKit::XPCServiceMain(int, char const**) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit:x86_64+0x8d1d95)\n #38 0x7fff6f5182e4 in start (/usr/lib/system/libdyld.dylib:x86_64+0x112e4)\n \n 0x6020000138f8 is located 0 bytes to the right of 8-byte region [0x6020000138f0,0x6020000138f8)\n allocated by thread T0 here:\n #0 0x1500622f3 in __sanitizer_mz_malloc (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/com.apple.WebKit.WebContent.xpc/Contents/Frameworks/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x622f3)\n #1 0x7fff6f6d67ef in malloc_zone_malloc (/usr/lib/system/libsystem_malloc.dylib:x86_64+0x17ef)\n #2 0x16b237aa8 in bmalloc::DebugHeap::malloc(unsigned long, bmalloc::FailureAction) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1a1aa8)\n #3 0x154733483 in WebCore::CSSInitialValue::createExplicit() (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2cf5483)\n #4 0x1547330b3 in WebCore::CSSValuePool::CSSValuePool() (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2cf50b3)\n #5 0x154743358 in WTF::NeverDestroyed<WebCore::CSSValuePool>::NeverDestroyed<>() (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2d05358)\n #6 0x154732f35 in WebCore::CSSValuePool::singleton() (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2cf4f35)\n #7 0x154827124 in WebCore::CSSPropertyParserHelpers::consumeIdent(WebCore::CSSParserTokenRange&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2de9124)\n #8 0x15481cd1a in WebCore::CSSPropertyParser::parseSingleValue(WebCore::CSSPropertyID, WebCore::CSSPropertyID) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2dded1a)\n #9 0x15481c556 in WebCore::CSSPropertyParser::parseValueStart(WebCore::CSSPropertyID, bool) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2dde556)\n #10 0x15481bcd2 in WebCore::CSSPropertyParser::parseValue(WebCore::CSSPropertyID, bool, WebCore::CSSParserTokenRange const&, WebCore::CSSParserContext const&, WTF::Vector<WebCore::CSSProperty, 256ul, WTF::CrashOnOverflow, 16ul>&, WebCore::StyleRuleType) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2dddcd2)\n #11 0x1547fd8c0 in WebCore::CSSParserImpl::consumeDeclarationValue(WebCore::CSSParserTokenRange, WebCore::CSSPropertyID, bool, WebCore::StyleRuleType) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2dbf8c0)\n #12 0x15480157d in WebCore::CSSParserImpl::consumeDeclaration(WebCore::CSSParserTokenRange, WebCore::StyleRuleType) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2dc357d)\n #13 0x1547fdfe1 in WebCore::CSSParserImpl::consumeDeclarationList(WebCore::CSSParserTokenRange, WebCore::StyleRuleType) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2dbffe1)\n #14 0x154804c60 in WebCore::CSSParserImpl::consumeStyleRule(WebCore::CSSParserTokenRange, WebCore::CSSParserTokenRange) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2dc6c60)\n #15 0x1547ffa3a in WebCore::CSSParserImpl::consumeQualifiedRule(WebCore::CSSParserTokenRange&, WebCore::CSSParserImpl::AllowedRulesType) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2dc1a3a)\n #16 0x1547ffdb9 in bool WebCore::CSSParserImpl::consumeRuleList<WebCore::CSSParserImpl::parseStyleSheet(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing)::$_2>(WebCore::CSSParserTokenRange, WebCore::CSSParserImpl::RuleListType, WebCore::CSSParserImpl::parseStyleSheet(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing)::$_2) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2dc1db9)\n #17 0x1547f4b5d in WebCore::CSSParserImpl::parseStyleSheet(WTF::String const&, WebCore::CSSParserContext const&, WebCore::StyleSheetContents*, WebCore::CSSParser::RuleParsing) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2db6b5d)\n #18 0x1547de806 in WebCore::StyleSheetContents::parseString(WTF::String const&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2da0806)\n #19 0x1567aa610 in WebCore::Style::parseUASheet(WTF::String const&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x4d6c610)\n #20 0x1567aa765 in WebCore::Style::parseUASheet(char const*, unsigned int) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x4d6c765)\n #21 0x1567a987d in WebCore::Style::UserAgentStyle::loadSimpleDefaultStyle() (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x4d6b87d)\n #22 0x156779852 in WebCore::Style::Resolver::Resolver(WebCore::Document&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x4d3b852)\n #23 0x15678b38f in std::__1::__unique_if<WebCore::Style::Resolver>::__unique_single std::__1::make_unique<WebCore::Style::Resolver, WebCore::Document&>(WebCore::Document&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x4d4d38f)\n #24 0x156780341 in WebCore::Style::Scope::resolver() (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x4d42341)\n #25 0x1567a6bfd in WebCore::Style::TreeResolver::resolve() (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x4d68bfd)\n #26 0x154971c90 in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2f33c90)\n #27 0x154974bf5 in WebCore::Document::createRenderTree() (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2f36bf5)\n #28 0x154974db8 in WebCore::Document::didBecomeCurrentDocumentInFrame() (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2f36db8)\n #29 0x155841c46 in WebCore::Frame::setDocument(WTF::RefPtr<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x3e03c46)\n \n SUMMARY: AddressSanitizer: heap-buffer-overflow (/Users/mt_talos/Work/Browsers/builds/webkit_release_asan/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9e0e56) in WTF::Ref<WebCore::CSSPrimitiveValue, WTF::DumbPtrTraits<WebCore::CSSPrimitiveValue> >::operator->() const\n Shadow bytes around the buggy address:\n 0x1c04000026c0: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00\n 0x1c04000026d0: fa fa 00 00 fa fa 00 00 fa fa fd fd fa fa fd fd\n 0x1c04000026e0: fa fa 00 00 fa fa 00 04 fa fa 00 00 fa fa 00 00\n 0x1c04000026f0: fa fa 00 00 fa fa fd fd fa fa fd fd fa fa fd fd\n 0x1c0400002700: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd\n =>0x1c0400002710: fa fa fd fd fa fa 00 fa fa fa 00 fa fa fa 00[fa]\n 0x1c0400002720: fa fa 00 fa fa fa 00 fa fa fa 00 00 fa fa 00 fa\n 0x1c0400002730: fa fa 00 00 fa fa 00 fa fa fa 00 00 fa fa 00 fa\n 0x1c0400002740: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00\n 0x1c0400002750: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00\n 0x1c0400002760: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00\n Shadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07\n Heap left redzone: fa\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n Shadow gap: cc\n ==78958==ABORTING\n #CRASHED - com.apple.WebKit.WebContent.Development (pid 78958)\n \n\n### Timeline\n\n2019-12-11 - Vendor Disclosure \n2020-01-28 - Vendor Patched/Released \n2020-02-12 - Public Release\n\n##### Credit\n\nDiscovered by Marcin Towalski of Cisco Talos.\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2020-0984\n\nPrevious Report\n\nTALOS-2019-0968\n", "edition": 4, "modified": "2020-02-12T00:00:00", "published": "2020-02-12T00:00:00", "id": "TALOS-2019-0967", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0967", "title": "Apple Safari FontFaceSet Remote Code Execution Vulnerability", "type": "talos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2020-04-03T11:39:24", "bulletinFamily": "info", "cvelist": ["CVE-2020-3852", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3885", "CVE-2020-3887", "CVE-2020-9784", "CVE-2020-9787"], "description": "[](<https://thehackernews.com/images/-7jBBB1UzjUs/XocJfKshMoI/AAAAAAAAAL4/oXWPfBoaUq4lIuh9LziSOo8a7hXwnZQfgCLcBGAsYHQ/s728-e100/iphone-camera-hacking.jpg>)\n\nIf you use Apple iPhone or MacBook, here we have a piece of alarming news for you. \n \nTurns out merely visiting a website \u2014 not just malicious but also legitimate sites unknowingly loading malicious ads as well \u2014 using Safari browser could have let remote attackers secretly access your device's camera, microphone, or location, and in some cases, saved passwords as well. \n \nApple recently paid a $75,000 bounty reward to an ethical hacker, [Ryan Pickren](<https://www.ryanpickren.com/webcam-hacking>), who practically demonstrated the hack and helped the company patch a total of seven new vulnerabilities before any real attacker could take advantage of them. \n \nThe fixes were issued in a series of updates to Safari spanning [versions 13.0.5](<https://support.apple.com/en-in/HT210922>) (released January 28, 2020) and [Safari 13.1](<https://support.apple.com/en-in/HT211104>) (published March 24, 2020). \n\n\n \n\"If the malicious website wanted camera access, all it had to do was masquerade as a trusted video-conferencing website such as Skype or Zoom,\" Pickren said. \n \nWhen chained together, three of the reported Safari flaws could have allowed malicious sites to impersonate any legit site a victim trusts and access camera or microphone by abusing the permissions that were otherwise explicitly granted by the victim to the trusted domain only. \n \n\n\n## An Exploit Chain to Abuse Safari's Per-Site Permissions\n\n \nSafari browser grants access to certain permissions such as camera, microphone, location, and more on a [per-website basis](<https://support.apple.com/guide/safari/customize-settings-per-website-ibrw7f78f7fe/mac>). This makes it easy for individual websites, say Skype, to access the camera without asking for the user's permission every time the app is launched. \n \nBut there are exceptions to this rule on iOS. While third-party apps must require user's explicit consent to access the camera, Safari can access the camera or the photo gallery without any permission prompts. \n \nSpecifically, improper access is made possible by leveraging an exploit chain that stringed together multiple flaws in the way the browser [parsed URL schemes](<https://developer.mozilla.org/en-US/docs/Glossary/Origin>) and handled the security settings on a per-website basis. This method only works with websites that are currently open. \n \n\n\n[](<https://thehackernews.com/images/-4e0sr1W0MQU/XocHvZ93nXI/AAAAAAAAALs/wVrTCkgMrCYdkITLm5-TWUpz9Ze9WwdsgCLcBGAsYHQ/s728-e100/hack-iphone-camera.gif>)\n\n \n\"A more important observation was that the URL's scheme is completely ignored,\" Pickren noted. \"This is problematic because some schemes don't contain a meaningful hostname at all, such as file:, javascript:, or data:.\" \n \nPut another way, Safari failed to check if the websites adhered to the same-origin policy, thereby granting access to a different site that shouldn't have obtained permissions in the first place. As a result, a website such as \"https://example.com\" and its malicious counterpart \"fake://example.com\" could end up having the same permissions. \n \nThus, by taking advantage of Safari's lazy hostname parsing, it was possible to use a \"file:\" URI (e.g., file:///path/to/file/index.html) to fool the browser into changing the domain name using JavaScript. \n\n\n \n\"Safari thinks we are on skype.com, and I can load some evil JavaScript. Camera, Microphone, and Screen Sharing are all compromised when you open my local HTML file,\" Pickren said. \n \nThe research found that even plaintext passwords can be stolen this way as Safari uses the same approach to detect websites on which password auto-fill needs to be applied. \n \nFurthermore, auto-download preventions can be bypassed by first opening a trusted site as a pop-up, and subsequently using it to download a malicious file. \n \nLikewise, a \"blob:\" URI (e.g. blob://skype.com) can be exploited to run arbitrary JavaScript code, using it to directly access the victim's webcam without permission. \n \nIn all, the research uncovered seven different zero-day vulnerabilities in Safari \u2014 \n \n \n\n\n * CVE-2020-3852: A URL scheme may be incorrectly ignored when determining multimedia permission for a website\n * CVE-2020-3864: A DOM object context may not have had a unique security origin\n * CVE-2020-3865: A top-level DOM object context may have incorrectly been considered secure\n * CVE-2020-3885: A file URL may be incorrectly processed\n * CVE-2020-3887: A download's origin may be incorrectly associated\n * CVE-2020-9784: A malicious iframe may use another website's download settings\n * CVE-2020-9787: A URL scheme containing dash (-) and period (.) adjacent to each other is incorrectly ignored when determining multimedia permission for a website\n \n \nIf you are a Safari user, it's recommended that you keep the browser up-to-date and ensure websites are granted access to only those settings which are essential for them to function.\n", "modified": "2020-04-03T10:20:07", "published": "2020-04-03T05:00:00", "id": "THN:1D059A29F13AF81A28C2D2770E5CD2E6", "href": "https://thehackernews.com/2020/04/hacking-iphone-macbook-camera.html", "type": "thn", "title": "How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2020-10-15T22:22:01", "bulletinFamily": "info", "cvelist": ["CVE-2020-24400", "CVE-2020-24407", "CVE-2020-3852", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3885", "CVE-2020-3887", "CVE-2020-9784", "CVE-2020-9787"], "description": "A security researcher has disclosed vulnerabilities in Apple\u2019s Safari browser that can be used to snoop on iPhones, iPads and Mac computers using their microphones and cameras. To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link.\n\n[Security researcher Ryan Pickren](<https://www.ryanpickren.com>) has revealed details on seven flaws in Safari, including three that could be used in a kill chain to access victims\u2019 webcams. The vulnerabilities were previously submitted to Apple via its bug-bounty program and have been patched \u2013 however, technical details of the flaws, including a proof of concept (PoC) attack, were kept under wraps until Pickren\u2019s recent disclosure.\n\n\u201cImagine you are on a popular website when all of a sudden an ad banner hijacks your camera and microphone to spy on you. That is exactly what this vulnerability would have allowed,\u201d said Pickren, in an [analysis of the vulnerabilities last week](<https://www.ryanpickren.com/webcam-hacking-overview>). \u200b\u201dThis vulnerability allowed malicious websites to masquerade as trusted websites when viewed on the desktop version of Safari (like on Mac computers) or mobile Safari (like on iPhones or iPads).\u201d\n\n[](<https://threatpost.com/newsletter-sign/>) \nWhile normally each app must be explicitly granted permissions by users to access devices\u2019 cameras and microphones, Apple\u2019s own apps do not require them, including Safari. Furthermore, new web technologies, including the MediaDevices Web API (an interface providing access to connected media input devices like cameras and microphones, as well as screen sharing), allow certain websites to utilize Safari\u2019s permissions to access the camera directly. Pickren said that this feature is \u201cgreat for web-based video-conferencing apps such as Skype or Zoom. But\u2026 this new web-based camera tech undermines the OS\u2019s native-camera security model.\u201d\n\nWith these issues in mind, Pickren discovered three vulnerabilities in the macOS and iOS versions of Safari 13.0.4 ([CVE-2020-3885](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3885>), [CVE-2020-3887](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3887>), [CVE-2020-9784](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9784>)), which eventually allowed him access to the webcam sans victim permission.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2020/04/06133731/finaldiagram.png>)\n\nClick to Enlarge: Diagram of the attack. Credit: Ryan Pickren\n\nSpecifically, the flaws stem from a perfect storm of small errors in how Safari parses Uniform Resource Identifiers (including URLs/web addresses); manages web origins (origins are defined by the protocol and web domain used) and ports; and initializes secure contexts (a secure context is a window where content has been delivered securely via HTTPS/TLS).\n\nAn attacker could take advantage of these errors by creating a specially crafted URL that would utilize scripts embedded in a malicious site. The URL would be able to trick Safari into thinking an attacker-controlled website is in the \u201csecure context\u201d of a trusted website, such as Zoom or Skype. Safari would then give the attackers behind the link untethered permission to access the webcam via the MediaDevices Web API.\n\n\u201cIf a malicious website strung these issues together, it could use JavaScript to directly access the victim\u2019s webcam without asking for permission,\u201d he said in a [technical walk through](<https://www.ryanpickren.com/webcam-hacking>) of the attack. \u201cAny JavaScript code with the ability to create a popup (such as a standalone website, embedded ad banner, or browser extension) could launch this attack.\u201d Once a user clicks on those website URLs, ad banners or extensions, the permissions to access their camera and microphone would be automatically granted to attackers.\n\nPickren said that he reported the seven flaws (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, and CVE-2020-9787) in December 2019 to Apple as part of their bug-bounty program (which was made [public to the research community](<https://threatpost.com/apples-bug-bounty-opens-1m-payout/151334/>) in December) \u2013 winning the researcher $75,000. [The top reward](<https://threatpost.com/apple-upgrades-bug-bounty-program-adds-macs-1m-reward/147146/>) in the \u201cNetwork Attack without User Interaction: Zero-Click Unauthorized Access to Sensitive Data\u201d category, in which Pickren submitted his findings, is $500,000.\n\nApple patched the webcam vulnerabilities in a [January 28 update](<https://threatpost.com/apple-patches-ios-device-tracking/152364/>) (for Safari version 13.0.5) and the remaining four flaws were patched in [March](<https://support.apple.com/en-us/HT211102>). Threatpost has reached out to Apple for further comment.\n\nThe disclosure comes on the heels of a [separate report last week](<https://threatpost.com/two-zoom-zero-day-flaws-uncovered/154337/>) of two Zoom zero-day flaws in the macOS client version of the web conferencing platform. The Zoom vulnerabilities could give local, unprivileged attackers root privileges, and allow them to access victims\u2019 microphone and camera.\n\n[](<https://attendee.gotowebinar.com/register/7732731543372035596?source=art>)\n\n_**Do you suffer from Password Fatigue? On [Wednesday April 8 at 2 p.m. ET](<https://attendee.gotowebinar.com/register/7732731543372035596?source=art>) join **_**_Duo Security and Threatpost as we explore a [passwordless](<https://attendee.gotowebinar.com/register/7732731543372035596?source=art>) future. This [FREE](<https://attendee.gotowebinar.com/register/7732731543372035596?source=art>) webinar maps out a future where modern authentication standards like WebAuthn significantly reduce a dependency on passwords. We\u2019ll also explore how teaming with Microsoft can reduced reliance on passwords. [Please register here](<https://attendee.gotowebinar.com/register/7732731543372035596?source=art>) and dare to ask, \u201c[Are passwords overrated?](<https://attendee.gotowebinar.com/register/7732731543372035596?source=art>)\u201d in this sponsored webinar. _**\n", "modified": "2020-04-06T18:43:56", "published": "2020-04-06T18:43:56", "id": "THREATPOST:2334EE5F6C03FC3ECE377B9BD44BA4E7", "href": "https://threatpost.com/apple-safari-flaws-webcam-access/154476/", "type": "threatpost", "title": "Apple Safari Flaws Enable One-Click Webcam Access", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-15T22:25:23", "bulletinFamily": "info", "cvelist": ["CVE-2020-3840", "CVE-2020-3868", "CVE-2020-3870", "CVE-2020-3878", "CVE-2020-5135"], "description": "Apple\u2019s latest security fixes, [released Tuesday](<https://support.apple.com/en-us/HT201222>), tackle a wide range of bugs, including several patches for high-risk flaws that could allow for remote code execution (RCE). Of particular interest to privacy-minded iPhone 11 users is an iOS 13.3.1 update that allows users to turn off U1 Ultra-Wideband device tracking.\n\nThe fixes address vulnerabilities in Apple\u2019s Xcode, watchOS, Safari, iTunes for Windows, iOS, iPadOS, macOS and tvOS. The most severe of the bugs include four RCE flaws in Apple TV\u2019s operating system, tvOS \u2013 each rated high-severity.\n\nTracked as [CVE-2020-3868](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175187>), one tvOS RCE bug has a CVSS severity score of 8.8 out of 10, the highest among those patched Tuesday. The bug is tied to multiple memory corruption issues in Apple\u2019s browser engine, WebKit. \u201cBy persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service,\u201d according [a description of the flaw](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175187>). \n[](<https://threatpost.com/newsletter-sign/>)\n\nThe other tvOS code execution bugs ([CVE-2020-3840](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175191>), [CVE-2020-3870](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175183>), [CVE-2020-3878](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175184>)) all have a CVSS rating of 7.8. Two of the RCE vulnerabilities are tied to Imageio Python libraries tvOS, and the other is tied to Apple\u2019s use of the secure network protocol suite IPSec.\n\n## **Off Switch for Tracking via U1 Ultra Wideband**\n\nLast December, KrebsOnSecurity [first reported a tracking mechanism](<https://krebsonsecurity.com/2019/12/the-iphone-11-pros-location-data-puzzler/>) in the iPhone 11 family of handsets. The tracking took place whether or not an iPhone 11 user turned off the handset\u2019s location services. After some sleuthing by the site\u2019s author, Brian Krebs, he determined the tracking feature was tied to the use of Apple\u2019s own U1 chip, which was introduced in 2019 and used for the first time in iPhone 11S.\n\nThe U1 chips uses Ultra-Wideband technology and aims to improve the performance of Apple services such as AirDrop. The U1 goes so far as to provide precise location and spatial awareness of the iPhone 11\u2019s position relative to other Apple devices in the same room. This allows someone to point their iPhone 11 at another iPhone 11 and have that device automatically show up at the top of the AirDrop list for transferring files \u2013 no manual discovery needed.\n\nUsers voiced concerns that the new chip allowed for tracking iPhone 11 users\u2019 locations. To address the issue, Apple has now added a switch to disable location tracking for networking and wireless functions. With the release of iOS 13.3.1, users can now turn off the tracking feature, either when turning off location services or selectively. To turn it off, users can go to Settings > Privacy > Location Services > System Services.\n\nTuesday\u2019s security updates come on the heels of several staggered iOS 13 updates. In their wake, Apple has faced criticism for what critics see as a piecemeal release of the OS. Last month Apple updated the OS to iOS 13.3, which marked the third update to the iOS and iPadOS 13 since it debuted in on Sept. 19. Since iOS 13\u2019s release, Apple has also had to issue a number of security patches, including ones for a [keyboard bug](<https://threatpost.com/bug-granting-full-access-keyboards/148638/>) and a [lock-screen bypass flaw](<https://threatpost.com/iphone-ios-13-lockscreen-bypass/148332/>).\n", "modified": "2020-01-29T22:09:30", "published": "2020-01-29T22:09:30", "id": "THREATPOST:ABBA6B89522F29EE1F01F3D010F46FC0", "href": "https://threatpost.com/apple-patches-ios-device-tracking/152364/", "type": "threatpost", "title": "Apple Security Updates Tackle iOS Device Tracking, RCE Flaws", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2020-03-15T08:35:52", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8815", "CVE-2019-8844", "CVE-2019-8769", "CVE-2019-8782", "CVE-2019-8726", "CVE-2019-8822", "CVE-2019-8743", "CVE-2019-8707", "CVE-2019-8820", "CVE-2019-8808", "CVE-2019-8771", "CVE-2019-8763", "CVE-2019-8821", "CVE-2019-8816", "CVE-2019-8674", "CVE-2019-8819", "CVE-2020-3865", "CVE-2019-8735", "CVE-2019-8764", "CVE-2019-8823", "CVE-2019-8846", "CVE-2020-3862", "CVE-2019-8766", "CVE-2019-8720", "CVE-2020-3867", "CVE-2019-8813", "CVE-2019-8719", "CVE-2019-8811", "CVE-2019-8733", "CVE-2019-8765", "CVE-2019-8835", "CVE-2019-8625", "CVE-2019-8783", "CVE-2019-8710", "CVE-2019-8812", "CVE-2020-3864", "CVE-2019-8768", "CVE-2019-8814", "CVE-2020-3868"], "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. \n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could execute arbitrary code, cause a Denial of Service condition, bypass intended memory-read restrictions, conduct a timing side-channel attack to bypass the Same Origin Policy or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebkitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.26.4\"", "edition": 1, "modified": "2020-03-15T00:00:00", "published": "2020-03-15T00:00:00", "id": "GLSA-202003-22", "href": "https://security.gentoo.org/glsa/202003-22", "title": "WebkitGTK+: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2020-11-04T02:31:41", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-14391", "CVE-2020-15503", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "description": "GNOME is the default desktop environment of Red Hat Enterprise Linux.\n\nThe following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk (1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406)\n\nSecurity Fix(es):\n\n* webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793)\n\n* gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)\n\n* LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "modified": "2020-11-04T05:03:54", "published": "2020-11-03T17:05:56", "id": "RHSA-2020:4451", "href": "https://access.redhat.com/errata/RHSA-2020:4451", "type": "redhat", "title": "(RHSA-2020:4451) Moderate: GNOME security, bug fix, and enhancement update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-11T08:30:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20843", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15503", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24659", "CVE-2020-27831", "CVE-2020-27832", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-8492", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "description": "This release of Red Hat Quay v3.3.3 includes:\n\nSecurity Update(s):\n\n* quay: persistent XSS in repository notification display (CVE-2020-27832)\n\n* quay: email notifications authorization bypass (CVE-2020-27831)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug Fix(es):\n* NVD feed fixed in Clair-v2 (clair-jwt image)", "modified": "2021-01-11T12:30:20", "published": "2021-01-11T12:29:40", "id": "RHSA-2021:0050", "href": "https://access.redhat.com/errata/RHSA-2021:0050", "type": "redhat", "title": "(RHSA-2021:0050) Moderate: Red Hat Quay v3.3.3 bug fix and security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-19T14:38:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20843", "CVE-2019-11068", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-1551", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-17450", "CVE-2019-18197", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15503", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24659", "CVE-2020-27813", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-8177", "CVE-2020-8492", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\nThe compliance-operator image updates are now available for OpenShift Container Platform 4.6.\n\nSecurity Fix(es):\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)\n\n* The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251)\n\n* The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634)\n\n* [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414)\n\n* The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991)\n\n* Applying the \"rhcos4-moderate\" compliance profile leads to Ignition error \"something else exists at that path\" (BZ#1909081)\n\n* [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122)", "modified": "2021-01-19T18:35:34", "published": "2021-01-19T18:29:21", "id": "RHSA-2021:0190", "href": "https://access.redhat.com/errata/RHSA-2021:0190", "type": "redhat", "title": "(RHSA-2021:0190) Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-16T14:33:10", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20843", "CVE-2019-11068", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-1551", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-18197", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20386", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15503", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24659", "CVE-2020-28362", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-8177", "CVE-2020-8492", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThe compliance-operator image updates are now available for OpenShift Container Platform 4.6.\n\nThis advisory provides the following updates among others:\n\n* Enhances profile parsing time.\n* Fixes excessive resource consumption from the Operator.\n* Fixes default content image.\n* Fixes outdated remediation handling.\n\nSecurity Fix(es):\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-02-16T18:11:50", "published": "2021-02-16T18:11:07", "id": "RHSA-2021:0436", "href": "https://access.redhat.com/errata/RHSA-2021:0436", "type": "redhat", "title": "(RHSA-2021:0436) Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-07T18:05:35", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11070", "CVE-2019-6237", "CVE-2019-6251", "CVE-2019-8506", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8551", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563", "CVE-2019-8571", "CVE-2019-8583", "CVE-2019-8584", "CVE-2019-8586", "CVE-2019-8587", "CVE-2019-8594", "CVE-2019-8595", "CVE-2019-8596", "CVE-2019-8597", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8608", "CVE-2019-8609", "CVE-2019-8610", "CVE-2019-8611", "CVE-2019-8615", "CVE-2019-8619", "CVE-2019-8622", "CVE-2019-8623", "CVE-2019-8625", "CVE-2019-8644", "CVE-2019-8649", "CVE-2019-8658", "CVE-2019-8666", "CVE-2019-8669", "CVE-2019-8671", "CVE-2019-8672", "CVE-2019-8673", "CVE-2019-8674", "CVE-2019-8676", "CVE-2019-8677", "CVE-2019-8678", "CVE-2019-8679", "CVE-2019-8680", "CVE-2019-8681", "CVE-2019-8683", "CVE-2019-8684", "CVE-2019-8686", "CVE-2019-8687", "CVE-2019-8688", "CVE-2019-8689", "CVE-2019-8690", "CVE-2019-8707", "CVE-2019-8710", "CVE-2019-8719", "CVE-2019-8720", "CVE-2019-8726", "CVE-2019-8733", "CVE-2019-8735", "CVE-2019-8743", "CVE-2019-8763", "CVE-2019-8764", "CVE-2019-8765", "CVE-2019-8766", "CVE-2019-8768", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8821", "CVE-2019-8822", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902"], "description": "WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3.\n\nThe following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144)\n\nSecurity Fix(es):\n\n* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.", "modified": "2020-09-29T13:42:35", "published": "2020-09-29T11:53:27", "id": "RHSA-2020:4035", "href": "https://access.redhat.com/errata/RHSA-2020:4035", "type": "redhat", "title": "(RHSA-2020:4035) Moderate: webkitgtk4 security, bug fix, and enhancement update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-02T18:46:36", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20843", "CVE-2019-13050", "CVE-2019-13225", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-17450", "CVE-2019-17546", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-3884", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14040", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15157", "CVE-2020-15503", "CVE-2020-15999", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24659", "CVE-2020-24750", "CVE-2020-25211", "CVE-2020-25658", "CVE-2020-29652", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3898", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-8492", "CVE-2020-8566", "CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2021-3121"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHEA-2020:5633\n\nAll OpenShift Container Platform users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n-between-minor.html#understanding-upgrade-channels_updating-cluster-between\n-minor.", "modified": "2021-03-02T22:28:43", "published": "2021-02-24T19:47:52", "id": "RHSA-2020:5635", "href": "https://access.redhat.com/errata/RHSA-2020:5635", "type": "redhat", "title": "(RHSA-2020:5635) Moderate: OpenShift Container Platform 4.7.0 extras and security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-17T07:29:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-20843", "CVE-2019-11068", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-1551", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-18197", "CVE-2019-18609", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14019", "CVE-2020-14040", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15503", "CVE-2020-15586", "CVE-2020-16845", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-25660", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-7720", "CVE-2020-8177", "CVE-2020-8237", "CVE-2020-8492", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "description": "Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.\n\nThese updated images include numerous security fixes, bug fixes, and enhancements. \n\nSecurity Fix(es):\n\n* nodejs-node-forge: prototype pollution via the util.setPath function (CVE-2020-7720)\n\n* nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS (CVE-2020-8237)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nUsers are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.6/html/4.6_release_notes/index\n\nAll Red Hat OpenShift Container Storage users are advised to upgrade to\nthese updated images.", "modified": "2020-12-17T10:36:03", "published": "2020-12-17T10:33:21", "id": "RHSA-2020:5605", "href": "https://access.redhat.com/errata/RHSA-2020:5605", "type": "redhat", "title": "(RHSA-2020:5605) Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-16T00:30:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-20843", "CVE-2019-11068", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14559", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-17450", "CVE-2019-18197", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-12321", "CVE-2020-12400", "CVE-2020-12403", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14040", "CVE-2020-14351", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15503", "CVE-2020-15586", "CVE-2020-15999", "CVE-2020-16845", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24659", "CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25687", "CVE-2020-25705", "CVE-2020-26160", "CVE-2020-27813", "CVE-2020-28362", "CVE-2020-29652", "CVE-2020-29661", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-6829", "CVE-2020-7595", "CVE-2020-8492", "CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-9283", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2021-20206", "CVE-2021-3121", "CVE-2021-3156"], "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 2.6.0 images:\n\nRHEL-8-CNV-2.6\n==============\nkubevirt-cpu-node-labeller-container-v2.6.0-5\nkubevirt-cpu-model-nfd-plugin-container-v2.6.0-5\nnode-maintenance-operator-container-v2.6.0-13\nkubevirt-vmware-container-v2.6.0-5\nvirtio-win-container-v2.6.0-5\nkubevirt-kvm-info-nfd-plugin-container-v2.6.0-5\nbridge-marker-container-v2.6.0-9\nkubevirt-template-validator-container-v2.6.0-9\nkubevirt-v2v-conversion-container-v2.6.0-6\nkubemacpool-container-v2.6.0-13\nkubevirt-ssp-operator-container-v2.6.0-40\nhyperconverged-cluster-webhook-container-v2.6.0-73\nhyperconverged-cluster-operator-container-v2.6.0-73\novs-cni-plugin-container-v2.6.0-10\ncnv-containernetworking-plugins-container-v2.6.0-10\novs-cni-marker-container-v2.6.0-10\ncluster-network-addons-operator-container-v2.6.0-16\nhostpath-provisioner-container-v2.6.0-11\nhostpath-provisioner-operator-container-v2.6.0-14\nvm-import-virtv2v-container-v2.6.0-21\nkubernetes-nmstate-handler-container-v2.6.0-19\nvm-import-controller-container-v2.6.0-21\nvm-import-operator-container-v2.6.0-21\nvirt-api-container-v2.6.0-111\nvirt-controller-container-v2.6.0-111\nvirt-handler-container-v2.6.0-111\nvirt-operator-container-v2.6.0-111\nvirt-launcher-container-v2.6.0-111\ncnv-must-gather-container-v2.6.0-54\nvirt-cdi-importer-container-v2.6.0-24\nvirt-cdi-cloner-container-v2.6.0-24\nvirt-cdi-controller-container-v2.6.0-24\nvirt-cdi-uploadserver-container-v2.6.0-24\nvirt-cdi-apiserver-container-v2.6.0-24\nvirt-cdi-uploadproxy-container-v2.6.0-24\nvirt-cdi-operator-container-v2.6.0-24\nhco-bundle-registry-container-v2.6.0-582\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-10T13:48:38", "published": "2021-03-10T13:47:39", "id": "RHSA-2021:0799", "href": "https://access.redhat.com/errata/RHSA-2021:0799", "type": "redhat", "title": "(RHSA-2021:0799) Moderate: OpenShift Virtualization 2.6.0 security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-02T02:28:48", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14553", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-20843", "CVE-2019-11068", "CVE-2019-12614", "CVE-2019-13050", "CVE-2019-13225", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-15903", "CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16167", "CVE-2019-16168", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16935", "CVE-2019-17450", "CVE-2019-17546", "CVE-2019-18197", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19221", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19602", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20054", "CVE-2019-20218", "CVE-2019-20386", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20636", "CVE-2019-20807", "CVE-2019-20812", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-3884", "CVE-2019-5018", "CVE-2019-6977", "CVE-2019-6978", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0444", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-10732", "CVE-2020-10749", "CVE-2020-10751", "CVE-2020-10763", "CVE-2020-10773", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-11793", "CVE-2020-12465", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-13249", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14019", "CVE-2020-14040", "CVE-2020-14381", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15157", "CVE-2020-15503", "CVE-2020-15862", "CVE-2020-15999", "CVE-2020-16166", "CVE-2020-1716", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24490", "CVE-2020-24659", "CVE-2020-25211", "CVE-2020-25641", "CVE-2020-25658", "CVE-2020-25661", "CVE-2020-25662", "CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25687", "CVE-2020-25694", "CVE-2020-25696", "CVE-2020-2574", "CVE-2020-26160", "CVE-2020-2752", "CVE-2020-27813", "CVE-2020-27846", "CVE-2020-28362", "CVE-2020-2922", "CVE-2020-29652", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3898", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-7774", "CVE-2020-8177", "CVE-2020-8492", "CVE-2020-8563", "CVE-2020-8566", "CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2021-2007", "CVE-2021-26539", "CVE-2021-3121"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2020:5634\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64\n\nThe image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x\n\nThe image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le\n\nThe image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.\n\nSecurity Fix(es):\n\n* crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)\n\n* heketi: gluster-block volume password details available in logs (CVE-2020-10763)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-02T06:56:45", "published": "2021-02-24T19:49:26", "id": "RHSA-2020:5633", "href": "https://access.redhat.com/errata/RHSA-2020:5633", "type": "redhat", "title": "(RHSA-2020:5633) Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-11-12T03:35:06", "bulletinFamily": "unix", "cvelist": ["CVE-2019-8815", "CVE-2020-3899", "CVE-2019-8844", "CVE-2020-10018", "CVE-2019-8769", "CVE-2020-3902", "CVE-2019-8782", "CVE-2020-9803", "CVE-2019-8743", "CVE-2020-3885", "CVE-2020-9862", "CVE-2019-8820", "CVE-2020-9805", "CVE-2020-3895", "CVE-2020-9894", "CVE-2019-8808", "CVE-2020-9806", "CVE-2019-8771", "CVE-2020-14391", "CVE-2019-8816", "CVE-2020-11793", "CVE-2019-8819", "CVE-2020-3865", "CVE-2020-9925", "CVE-2020-15503", "CVE-2020-3897", "CVE-2019-8764", "CVE-2019-8823", "CVE-2020-9895", "CVE-2019-8846", "CVE-2020-9802", "CVE-2020-3862", "CVE-2019-8766", "CVE-2019-8720", "CVE-2020-3867", "CVE-2019-8813", "CVE-2020-3901", "CVE-2020-3900", "CVE-2020-9850", "CVE-2019-8811", "CVE-2020-9807", "CVE-2019-8835", "CVE-2019-8625", "CVE-2020-9893", "CVE-2020-9843", "CVE-2020-9915", "CVE-2019-8783", "CVE-2020-3894", "CVE-2019-8710", "CVE-2019-8812", "CVE-2020-3864", "CVE-2019-8814", "CVE-2020-3868"], "description": "dleyna-renderer\n[0.6.0-3]\n- Add a manual\nResolves: #1612579\nfrei0r-plugins\n[1.6.1-7]\n- Rebuild with newer annobin to fix rpmdiff problems\n- Fix the build with a newer opencv\n- Resolves: rhbz#1703994\ngdm\n[3.28.3-34]\n- Fix file descriptor leak\n Resolves: #1877853\n[3.28.3-33]\n- Fix problem with Xorg fallback\n Resolves: #1868260\n[3.28.3-32]\n- Add dconf db to file manifest\n Related: #1833158\n[3.28.3-31]\n- add back gdm system db to dconf profile\n Resolves: #1833158\n[3.28.3-30]\n- Make sure login screen is killed during login\n Resolves: #1618481\ngnome-control-center\n[3.28.2-22]\n- Categorize Infiniband devices correctly\n Resolves: #1826379\n[3.28.2-21]\n- Honor sound theme changes when changing from the default theme\n- Resolves: #1706008\n[3.28.2-20]\n- Fix 90min automatic sleep option to not last 80min\n- Resolves: #1706076\ngnome-photos\n[3.28.1-3]\n- Disable Python 2 during the build - itstool doesnt need it anymore\nResolves: #1597806\n[3.28.1-2]\n- rebuild\ngnome-remote-desktop\n[0.1.8-3]\n- Backport cursor only frame fixes\n Related: #1837406\n[0.1.8-2]\n- Dont crash on metadata only buffers\n Resolves: #1847062\n[0.1.8-1]\n- Rebase to 0.1.8\n Resolves: #1837406\ngnome-session\n[3.28.1-10.0.1]\n- Update kiosk-session subpackage with Oracle references [Orabug: 32095108]\n[3.28.1-10]\n- Show cursor explicitly from session selector\n Resolves: #1624430\n[3.28.1-9]\n- Add kiosk-session subpackage to help users set up RHEL for\n kiosk/point-of-sale use.\n Resolves: #1739556\ngnome-settings-daemon\n[3.32.0-11]\n- Remove subman plugin for now\n Resolves: #1872457\n[3.32.0-10]\n- Disable subman plugin on CentOS\n Resolves: #1827030\ngnome-shell\n[3.32.2-20]\n- Fix popupMenu keynav when NumLock is active\n Resolves: #1840080\n[3.32.2-19]\n- Fix last backport\n Resolves: #1847051\n[3.32.2-18]\n- Fix more spurious allocation warnings\n Resolves: #1715845\n[3.32.2-17]\n- Really allow using perf-tool on wayland\n Resolves: #1652178\n- Fix timed login without user list\n Resolves: #1668895\n- Fix HighContrast/symbolic icon mixup\n Resolves: #1794045\n- Backport introspect API changes\n Resolves: #1837413\n[3.32.2-16]\n- Drop bad upstream patch\n Resolves: #1820760\n[3.32.2-15]\n- Improve performance under load\n Resolves: #1820760\ngnome-shell-extensions\n[3.32.1-11]\n- Adjust dash-to-dock for classic backports\n Resolves: #1805929\n- Fix inconsistent state in window-list prefs dialog\n Resolves: #1824362\ngnome-terminal\n[3.28.3-2]\n- Add a manual\n- Resolves: #1612688\ngsettings-desktop-schemas\n[3.32.0-5]\n- Recommend DejaVu Sans Mono font as the default monospace font\n Resolves: #1656262\ngtk3\n[3.22.30-6]\n- Fix reuse of list box header widgets (#rhbz1843486)\ngtk-doc\n[1.28-2]\n- Backport a patch to fix x86_64/i686 differences in generated documentation\n- Resolves: #1634770\ngvfs\n[1.36.2-10]\n- Fix libusb(x) requirements (rhbz#1866332)\n[1.36.2-9]\n- Improve enumeration performance of smb backend (rhbz#1569868)\nLibRaw\n[0.19.5-2]\n- Backport fix for CVE-2020-15503 from Fedora\nResolves: #1853529\nlibsoup\n[2.62.3-2]\n- Some WebSocket fixes to unbreak cockpit-desktop (rhbz#1872270)\nmutter\n[3.32.2-48]\n- Fix GLX stereo buffer rebase error\n Resolves: #1880339\n[3.32.2-47]\n- Fix screen sharing on wayland\n Resolves: #1873963\n[3.32.2-46]\n- Handle cursor only screen cast frames better\n Related: #1837381\n[3.32.2-45]\n- Handle GPU unplug gracefully\n Resolves: #1846191\n[3.32.2-44]\n- Dont show widow actor until explictly shown\n Resolves: #1719937\n[3.32.2-43]\n- Only treat WM_PROTOCOLS messages as WM_PROTOCOL messages\n Resolves: #1847203\n[3.32.2-42]\n- Dont pass DMA buffers if they cant be mmap():ed\n Related: #1847062\n[3.32.2-41]\n- Backport is_rendering_hardware_acclerated() API\n Related: #1837381\n[3.32.2-40]\n- Fix DMA buffer memory leak\n Related: #1837381\n[3.32.2-39]\n- Fix incorrect pipewire dependency version\n Related: #1837381\n[3.32.2-38]\n- Backport screen cast and remote desktop improvements\n Resolves: #1837381\n[3.32.2-37]\n- Fix corrupted background after suspend\n Resolves: #1828162\nnautilus\n[3.28.1-14]\n- Fix broken tracker query under certain locales (rhbz#1847061)\n[3.28.1-13]\n- Clear selection if any files dont match the pattern (rhbz#1207179)\n- Fix endless content size calculations (rhbz#1566027)\n- Honor umask when creating new files (rhbz#1778579)\n- Close 'There is no application...' dialog after response (rhbz#1816070)\nPackageKit\n[1.1.12-6.0.1]\n- removed rhel-Vendor.conf.patch\n[1.1.12-6]\n- Fix documentation links in Vendor.conf\n- Resolves: #1837648\n[1.1.12-5]\n- Do not shutdown the daemon on idle\n- Resolves: #1814820\npipewire0.2\n[0.2.7-6]\n- Fix Conflicts: line\n- Remove Recommends: line, its wrong\n- Resolves: rhbz#1832347\n[0.2.7-5]\n- Fix Conflicts: line\n- Resolves: rhbz#1832347\n[0.2.7-4]\n- Add gating file\n- Resolves: rhbz#1832347\n[0.2.7-3]\n- Change source URL\n- Resolves: rhbz#1832347\n[0.2.7-2]\n- Add compat -devel package\n[0.2.7-1]\n- First version\n- Fix bluez5 plugins build\npipewire\n[0.3.6-1]\n- Update to 0.3.6\n- Resolves: rhbz#1832347\n[0.3.5-3]\n- Rebuild\n- Resolves: rhbz#1832347\n[0.3.5-2]\n- Disable vulkan\n- Resolves: rhbz#1832347\n[0.3.5-1]\n- Update to 0.3.5\n- Disable pulse and jack\n- Add patch to work with meson 0.49\n- Add patch to fix neon compilation\n- Resolves: rhbz#1832347\npotrace\n[1.15-3]\n- Fixing build for flatpak (rhbz#1840788)\npygobject3\n[3.28.3-2]\n- Add lock to avoid two type object wrappers getting generated at\n the same time in multi-threaded programs.\n Resolves: #1844578\ntracker\n[2.1.5-2]\n- Rebuild to include tracker-devel in CRB\n- Resolves: #1758891\nvte291\n[0.52.4-2]\n- Avoid overriding -fno-exceptions\nResolves: #1804719\n[0.52.4-1]\n- Update to 0.52.4\nResolves: #1804719\nwebkit2gtk3\n[2.28.4-1]\n- Update to 2.28.4\n- Related: #1817143\n[2.28.2-2]\n- Related: rhbz#1817143 Properly remove webkit2gtk3-plugin-process-gtk2 package\n[2.28.2-1]\n- Resolves: rhbz#1817143 Update to 2.28.2\nwebrtc-audio-processing\n[0.3-9]\n- Rebuild to address Annobin coverage issues\nResolves: #1704148\nxdg-desktop-portal\n[1.6.0-2]\n- Require pipewire0.2-libs for legacy application support.\n Resolves: #1854734\n[1.6.0-1]\n- Rebase to 1.6.0 (#1775345)\n- Backport PipeWire 0.3 support (#1775345)\n- Backport fixes (#1775345)\nxdg-desktop-portal-gtk\n[1.6.0-1]\n- Rebase to 1.6.0 (#1837413)\n- Bump supported Mutter screen cast API version (#1837413)\n- Backport bugfix (#1837413)", "edition": 1, "modified": "2020-11-10T00:00:00", "published": "2020-11-10T00:00:00", "id": "ELSA-2020-4451", "href": "http://linux.oracle.com/errata/ELSA-2020-4451.html", "title": "GNOME security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-07T06:44:59", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11070", "CVE-2019-8681", "CVE-2019-8669", "CVE-2019-8815", "CVE-2020-3899", "CVE-2019-8844", "CVE-2020-10018", "CVE-2019-8608", "CVE-2019-8563", "CVE-2019-8769", "CVE-2020-3902", "CVE-2019-8782", "CVE-2019-8506", "CVE-2019-8610", "CVE-2019-8559", "CVE-2019-8726", "CVE-2019-8822", "CVE-2019-8743", "CVE-2019-8707", "CVE-2020-3885", "CVE-2019-8677", "CVE-2019-8584", "CVE-2019-8558", "CVE-2019-8649", "CVE-2019-8820", "CVE-2019-8586", "CVE-2019-8587", "CVE-2020-3895", "CVE-2019-8808", "CVE-2019-8771", "CVE-2019-8763", "CVE-2019-8821", "CVE-2019-8816", "CVE-2019-8688", "CVE-2019-8674", "CVE-2020-11793", "CVE-2019-8551", "CVE-2019-8819", "CVE-2020-3865", "CVE-2019-8594", "CVE-2019-8622", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-8679", "CVE-2019-8680", "CVE-2019-8611", "CVE-2020-3897", "CVE-2019-8735", "CVE-2019-8764", "CVE-2019-8823", "CVE-2019-8673", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8687", "CVE-2019-8846", "CVE-2019-8672", "CVE-2020-3862", "CVE-2019-6237", "CVE-2019-8583", "CVE-2019-8658", "CVE-2019-8678", "CVE-2019-8766", "CVE-2019-8720", "CVE-2019-8676", "CVE-2020-3867", "CVE-2019-8596", "CVE-2019-8813", "CVE-2019-8535", "CVE-2020-3901", "CVE-2019-8536", "CVE-2019-8686", "CVE-2020-3900", "CVE-2019-8644", "CVE-2019-8719", "CVE-2019-8811", "CVE-2019-8619", "CVE-2019-8733", "CVE-2019-8683", "CVE-2019-8615", "CVE-2019-8671", "CVE-2019-8765", "CVE-2019-8835", "CVE-2019-8625", "CVE-2019-8690", "CVE-2019-8571", "CVE-2019-8524", "CVE-2019-8783", "CVE-2019-8684", "CVE-2020-3894", "CVE-2019-8689", "CVE-2019-8710", "CVE-2019-8812", "CVE-2019-8597", "CVE-2020-3864", "CVE-2019-8768", "CVE-2019-8623", "CVE-2019-8814", "CVE-2020-3868", "CVE-2019-8609", "CVE-2019-8595", "CVE-2019-8666"], "description": "[2.28.2-2]\n- Resolves: rhbz#1817144 Rebuild to support ppc and s390\n[2.28.2-1]\n- Resolves: rhbz#1817144 Rebase to 2.28.2", "edition": 1, "modified": "2020-10-06T00:00:00", "published": "2020-10-06T00:00:00", "id": "ELSA-2020-4035", "href": "http://linux.oracle.com/errata/ELSA-2020-4035.html", "title": "webkitgtk4 security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-12T01:22:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11070", "CVE-2019-8681", "CVE-2019-8669", "CVE-2019-8815", "CVE-2020-3899", "CVE-2019-8844", "CVE-2020-10018", "CVE-2019-8608", "CVE-2019-8563", "CVE-2019-8769", "CVE-2020-3902", "CVE-2019-8782", "CVE-2019-8506", "CVE-2019-8610", "CVE-2019-8559", "CVE-2019-8726", "CVE-2019-8822", "CVE-2019-8743", "CVE-2019-8707", "CVE-2020-3885", "CVE-2019-8677", "CVE-2019-8584", "CVE-2019-8558", "CVE-2019-8649", "CVE-2019-8820", "CVE-2019-8586", "CVE-2019-8587", "CVE-2020-3895", "CVE-2019-8808", "CVE-2019-8771", "CVE-2019-8763", "CVE-2019-8821", "CVE-2019-8816", "CVE-2019-8688", "CVE-2019-8674", "CVE-2020-11793", "CVE-2019-8551", "CVE-2019-8819", "CVE-2020-3865", "CVE-2019-8594", "CVE-2019-8622", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-8679", "CVE-2019-8680", "CVE-2019-8611", "CVE-2020-3897", "CVE-2019-8735", "CVE-2019-8764", "CVE-2019-8823", "CVE-2019-8673", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8687", "CVE-2019-8846", "CVE-2019-8672", "CVE-2020-3862", "CVE-2019-6237", "CVE-2019-8583", "CVE-2019-8658", "CVE-2018-8383", "CVE-2019-8678", "CVE-2019-8766", "CVE-2019-8720", "CVE-2019-8676", "CVE-2020-3867", "CVE-2019-8596", "CVE-2019-8813", "CVE-2019-8535", "CVE-2020-3901", "CVE-2019-8536", "CVE-2019-8686", "CVE-2020-3900", "CVE-2019-8644", "CVE-2019-8719", "CVE-2019-8811", "CVE-2019-8619", "CVE-2019-8733", "CVE-2019-8683", "CVE-2019-8615", "CVE-2019-8671", "CVE-2019-8765", "CVE-2019-8835", "CVE-2019-8625", "CVE-2019-8690", "CVE-2019-8571", "CVE-2019-8524", "CVE-2019-8783", "CVE-2019-8684", "CVE-2020-3894", "CVE-2019-8689", "CVE-2019-8710", "CVE-2019-8812", "CVE-2019-8597", "CVE-2020-3864", "CVE-2019-8768", "CVE-2019-8623", "CVE-2019-8814", "CVE-2020-3868", "CVE-2019-8609", "CVE-2019-8595", "CVE-2019-8666"], "description": "**Issue Overview:**\n\nWebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. ([CVE-2019-11070 __](<https://access.redhat.com/security/cve/CVE-2019-11070>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-6237 __](<https://access.redhat.com/security/cve/CVE-2019-6237>))\n\nWebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the [CVE-2018-8383 __](<https://access.redhat.com/security/cve/CVE-2018-8383>) issue in Microsoft Edge. ([CVE-2019-6251 __](<https://access.redhat.com/security/cve/CVE-2019-6251>))\n\nA type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8506 __](<https://access.redhat.com/security/cve/CVE-2019-8506>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8524 __](<https://access.redhat.com/security/cve/CVE-2019-8524>))\n\nA memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8535 __](<https://access.redhat.com/security/cve/CVE-2019-8535>))\n\nA memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8536 __](<https://access.redhat.com/security/cve/CVE-2019-8536>))\n\nA memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8544 __](<https://access.redhat.com/security/cve/CVE-2019-8544>))\n\nA logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8551 __](<https://access.redhat.com/security/cve/CVE-2019-8551>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8558 __](<https://access.redhat.com/security/cve/CVE-2019-8558>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8559 __](<https://access.redhat.com/security/cve/CVE-2019-8559>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8563 __](<https://access.redhat.com/security/cve/CVE-2019-8563>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8571 __](<https://access.redhat.com/security/cve/CVE-2019-8571>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8583 __](<https://access.redhat.com/security/cve/CVE-2019-8583>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8584 __](<https://access.redhat.com/security/cve/CVE-2019-8584>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8586 __](<https://access.redhat.com/security/cve/CVE-2019-8586>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8587 __](<https://access.redhat.com/security/cve/CVE-2019-8587>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8594 __](<https://access.redhat.com/security/cve/CVE-2019-8594>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8595 __](<https://access.redhat.com/security/cve/CVE-2019-8595>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8596 __](<https://access.redhat.com/security/cve/CVE-2019-8596>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8597 __](<https://access.redhat.com/security/cve/CVE-2019-8597>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8601 __](<https://access.redhat.com/security/cve/CVE-2019-8601>))\n\nAn out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory. ([CVE-2019-8607 __](<https://access.redhat.com/security/cve/CVE-2019-8607>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8608 __](<https://access.redhat.com/security/cve/CVE-2019-8608>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8609 __](<https://access.redhat.com/security/cve/CVE-2019-8609>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8610 __](<https://access.redhat.com/security/cve/CVE-2019-8610>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8611 __](<https://access.redhat.com/security/cve/CVE-2019-8611>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8615 __](<https://access.redhat.com/security/cve/CVE-2019-8615>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8619 __](<https://access.redhat.com/security/cve/CVE-2019-8619>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8622 __](<https://access.redhat.com/security/cve/CVE-2019-8622>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8623 __](<https://access.redhat.com/security/cve/CVE-2019-8623>))\n\nA logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8625 __](<https://access.redhat.com/security/cve/CVE-2019-8625>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8644 __](<https://access.redhat.com/security/cve/CVE-2019-8644>))\n\nA logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8649 __](<https://access.redhat.com/security/cve/CVE-2019-8649>))\n\nA logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8658 __](<https://access.redhat.com/security/cve/CVE-2019-8658>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8666 __](<https://access.redhat.com/security/cve/CVE-2019-8666>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8669 __](<https://access.redhat.com/security/cve/CVE-2019-8669>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8671 __](<https://access.redhat.com/security/cve/CVE-2019-8671>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8672 __](<https://access.redhat.com/security/cve/CVE-2019-8672>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8673 __](<https://access.redhat.com/security/cve/CVE-2019-8673>))\n\nA logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8674 __](<https://access.redhat.com/security/cve/CVE-2019-8674>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8676 __](<https://access.redhat.com/security/cve/CVE-2019-8676>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8677 __](<https://access.redhat.com/security/cve/CVE-2019-8677>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8678 __](<https://access.redhat.com/security/cve/CVE-2019-8678>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8679 __](<https://access.redhat.com/security/cve/CVE-2019-8679>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8680 __](<https://access.redhat.com/security/cve/CVE-2019-8680>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8681 __](<https://access.redhat.com/security/cve/CVE-2019-8681>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8683 __](<https://access.redhat.com/security/cve/CVE-2019-8683>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8684 __](<https://access.redhat.com/security/cve/CVE-2019-8684>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8686 __](<https://access.redhat.com/security/cve/CVE-2019-8686>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8687 __](<https://access.redhat.com/security/cve/CVE-2019-8687>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8688 __](<https://access.redhat.com/security/cve/CVE-2019-8688>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8689 __](<https://access.redhat.com/security/cve/CVE-2019-8689>))\n\nA logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8690 __](<https://access.redhat.com/security/cve/CVE-2019-8690>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8707 __](<https://access.redhat.com/security/cve/CVE-2019-8707>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8710 __](<https://access.redhat.com/security/cve/CVE-2019-8710>))\n\nA logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8719 __](<https://access.redhat.com/security/cve/CVE-2019-8719>))\n\nThis fixes a remote code execution in webkitgtk4. No further details are available in NIST. ([CVE-2019-8720 __](<https://access.redhat.com/security/cve/CVE-2019-8720>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8726 __](<https://access.redhat.com/security/cve/CVE-2019-8726>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8733 __](<https://access.redhat.com/security/cve/CVE-2019-8733>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8735 __](<https://access.redhat.com/security/cve/CVE-2019-8735>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8743 __](<https://access.redhat.com/security/cve/CVE-2019-8743>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8763 __](<https://access.redhat.com/security/cve/CVE-2019-8763>))\n\nA logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8764 __](<https://access.redhat.com/security/cve/CVE-2019-8764>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8765 __](<https://access.redhat.com/security/cve/CVE-2019-8765>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8766 __](<https://access.redhat.com/security/cve/CVE-2019-8766>))\n\n\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. ([CVE-2019-8768 __](<https://access.redhat.com/security/cve/CVE-2019-8768>))\n\nAn issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. ([CVE-2019-8769 __](<https://access.redhat.com/security/cve/CVE-2019-8769>))\n\nThis issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. ([CVE-2019-8771 __](<https://access.redhat.com/security/cve/CVE-2019-8771>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8782 __](<https://access.redhat.com/security/cve/CVE-2019-8782>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8783 __](<https://access.redhat.com/security/cve/CVE-2019-8783>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8808 __](<https://access.redhat.com/security/cve/CVE-2019-8808>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8811 __](<https://access.redhat.com/security/cve/CVE-2019-8811>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8812 __](<https://access.redhat.com/security/cve/CVE-2019-8812>))\n\nA logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2019-8813 __](<https://access.redhat.com/security/cve/CVE-2019-8813>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8814 __](<https://access.redhat.com/security/cve/CVE-2019-8814>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8815 __](<https://access.redhat.com/security/cve/CVE-2019-8815>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8816 __](<https://access.redhat.com/security/cve/CVE-2019-8816>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8819 __](<https://access.redhat.com/security/cve/CVE-2019-8819>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8820 __](<https://access.redhat.com/security/cve/CVE-2019-8820>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8821 __](<https://access.redhat.com/security/cve/CVE-2019-8821>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8822 __](<https://access.redhat.com/security/cve/CVE-2019-8822>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8823 __](<https://access.redhat.com/security/cve/CVE-2019-8823>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8835 __](<https://access.redhat.com/security/cve/CVE-2019-8835>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8844 __](<https://access.redhat.com/security/cve/CVE-2019-8844>))\n\nA use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2019-8846 __](<https://access.redhat.com/security/cve/CVE-2019-8846>))\n\nWebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. ([CVE-2020-10018 __](<https://access.redhat.com/security/cve/CVE-2020-10018>))\n\nA use-after-free flaw exists in WebKitGTK. This flaw allows remote attackers to execute arbitrary code or cause a denial of service. ([CVE-2020-11793 __](<https://access.redhat.com/security/cve/CVE-2020-11793>))\n\nA denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. ([CVE-2020-3862 __](<https://access.redhat.com/security/cve/CVE-2020-3862>))\n\nA logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. ([CVE-2020-3864 __](<https://access.redhat.com/security/cve/CVE-2020-3864>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2020-3865 __](<https://access.redhat.com/security/cve/CVE-2020-3865>))\n\nA logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. ([CVE-2020-3867 __](<https://access.redhat.com/security/cve/CVE-2020-3867>))\n\nMultiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2020-3868 __](<https://access.redhat.com/security/cve/CVE-2020-3868>))\n\nA logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. ([CVE-2020-3885 __](<https://access.redhat.com/security/cve/CVE-2020-3885>))\n\nA race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. ([CVE-2020-3894 __](<https://access.redhat.com/security/cve/CVE-2020-3894>))\n\nA memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2020-3895 __](<https://access.redhat.com/security/cve/CVE-2020-3895>))\n\nA type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. ([CVE-2020-3897 __](<https://access.redhat.com/security/cve/CVE-2020-3897>))\n\nA memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. ([CVE-2020-3899 __](<https://access.redhat.com/security/cve/CVE-2020-3899>))\n\nA memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2020-3900 __](<https://access.redhat.com/security/cve/CVE-2020-3900>))\n\nA type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. ([CVE-2020-3901 __](<https://access.redhat.com/security/cve/CVE-2020-3901>))\n\nAn input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. ([CVE-2020-3902 __](<https://access.redhat.com/security/cve/CVE-2020-3902>))\n\n \n**Affected Packages:** \n\n\nwebkitgtk4\n\n \n**Issue Correction:** \nRun _yum update webkitgtk4_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n webkitgtk4-2.28.2-2.amzn2.0.1.aarch64 \n webkitgtk4-devel-2.28.2-2.amzn2.0.1.aarch64 \n webkitgtk4-jsc-2.28.2-2.amzn2.0.1.aarch64 \n webkitgtk4-jsc-devel-2.28.2-2.amzn2.0.1.aarch64 \n webkitgtk4-debuginfo-2.28.2-2.amzn2.0.1.aarch64 \n \n i686: \n webkitgtk4-2.28.2-2.amzn2.0.1.i686 \n webkitgtk4-devel-2.28.2-2.amzn2.0.1.i686 \n webkitgtk4-jsc-2.28.2-2.amzn2.0.1.i686 \n webkitgtk4-jsc-devel-2.28.2-2.amzn2.0.1.i686 \n webkitgtk4-debuginfo-2.28.2-2.amzn2.0.1.i686 \n \n noarch: \n webkitgtk4-doc-2.28.2-2.amzn2.0.1.noarch \n \n src: \n webkitgtk4-2.28.2-2.amzn2.0.1.src \n \n x86_64: \n webkitgtk4-2.28.2-2.amzn2.0.1.x86_64 \n webkitgtk4-devel-2.28.2-2.amzn2.0.1.x86_64 \n webkitgtk4-jsc-2.28.2-2.amzn2.0.1.x86_64 \n webkitgtk4-jsc-devel-2.28.2-2.amzn2.0.1.x86_64 \n webkitgtk4-debuginfo-2.28.2-2.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2020-11-09T21:05:00", "published": "2020-11-09T21:05:00", "id": "ALAS2-2020-1563", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1563.html", "title": "Medium: webkitgtk4", "type": "amazon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-10-20T23:11:38", "bulletinFamily": "unix", "cvelist": ["CVE-2019-11070", "CVE-2019-8681", "CVE-2019-8669", "CVE-2019-8815", "CVE-2020-3899", "CVE-2019-8844", "CVE-2020-10018", "CVE-2019-8608", "CVE-2019-8563", "CVE-2019-8769", "CVE-2020-3902", "CVE-2019-8782", "CVE-2019-8506", "CVE-2019-8610", "CVE-2019-8559", "CVE-2019-8726", "CVE-2019-8822", "CVE-2019-8743", "CVE-2019-8707", "CVE-2020-3885", "CVE-2019-8677", "CVE-2019-8584", "CVE-2019-8558", "CVE-2019-8649", "CVE-2019-8820", "CVE-2019-8586", "CVE-2019-8587", "CVE-2020-3895", "CVE-2019-8808", "CVE-2019-8771", "CVE-2019-8763", "CVE-2019-8821", "CVE-2019-8816", "CVE-2019-8688", "CVE-2019-8674", "CVE-2020-11793", "CVE-2019-8551", "CVE-2019-8819", "CVE-2020-3865", "CVE-2019-8594", "CVE-2019-8622", "CVE-2019-6251", "CVE-2019-8544", "CVE-2019-8679", "CVE-2019-8680", "CVE-2019-8611", "CVE-2020-3897", "CVE-2019-8735", "CVE-2019-8764", "CVE-2019-8823", "CVE-2019-8673", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8687", "CVE-2019-8846", "CVE-2019-8672", "CVE-2020-3862", "CVE-2019-6237", "CVE-2019-8583", "CVE-2019-8658", "CVE-2019-8678", "CVE-2019-8766", "CVE-2019-8720", "CVE-2019-8676", "CVE-2020-3867", "CVE-2019-8596", "CVE-2019-8813", "CVE-2019-8535", "CVE-2020-3901", "CVE-2019-8536", "CVE-2019-8686", "CVE-2020-3900", "CVE-2019-8644", "CVE-2019-8719", "CVE-2019-8811", "CVE-2019-8619", "CVE-2019-8733", "CVE-2019-8683", "CVE-2019-8615", "CVE-2019-8671", "CVE-2019-8765", "CVE-2019-8835", "CVE-2019-8625", "CVE-2019-8690", "CVE-2019-8571", "CVE-2019-8524", "CVE-2019-8783", "CVE-2019-8684", "CVE-2020-3894", "CVE-2019-8689", "CVE-2019-8710", "CVE-2019-8812", "CVE-2019-8597", "CVE-2020-3864", "CVE-2019-8768", "CVE-2019-8623", "CVE-2019-8814", "CVE-2020-3868", "CVE-2019-8609", "CVE-2019-8595", "CVE-2019-8666"], "description": "**CentOS Errata and Security Advisory** CESA-2020:4035\n\n\nWebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3.\n\nThe following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144)\n\nSecurity Fix(es):\n\n* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-October/012864.html\n\n**Affected packages:**\nwebkitgtk4\nwebkitgtk4-devel\nwebkitgtk4-doc\nwebkitgtk4-jsc\nwebkitgtk4-jsc-devel\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-10-20T19:07:36", "published": "2020-10-20T19:07:36", "id": "CESA-2020:4035", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2020-October/012864.html", "title": "webkitgtk4 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}