Lucene search

K
suseSuseOPENSUSE-SU-2018:2781-1
HistorySep 21, 2018 - 3:08 p.m.

Security update for webkit2gtk3 (moderate)

2018-09-2115:08:10
lists.opensuse.org
83

0.007 Low

EPSS

Percentile

77.5%

This update for webkit2gtk3 to version 2.20.5 fixes the following issues:

Security issue fixed:

  • CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs
    (bsc#1101999).
  • CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264,
    CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing
    maliciously crafted web content may lead to arbitrary code execution. A
    memory corruption issue was addressed with improved memory handling.
  • CVE-2018-4266: A malicious website may be able to cause a denial of
    service. A race condition was addressed with additional validation.
  • CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously
    crafted web content may lead to an unexpected application crash. A
    memory corruption issue was addressed with improved input validation.
  • CVE-2018-4278: A malicious website may exfiltrate audio data
    cross-origin. Sound fetched through audio elements may be exfiltrated
    cross-origin. This issue was addressed with improved audio taint
    tracking.

Other bugs fixed:

  • Fix rendering artifacts in some web sites due to a bug introduced in
    2.20.4.
  • Fix a crash when leaving accelerated compositing mode.
  • Fix non-deterministic build failure due to missing
    JavaScriptCore/JSContextRef.h.

This update was imported from the SUSE:SLE-15:Update update project.

0.007 Low

EPSS

Percentile

77.5%

Related for OPENSUSE-SU-2018:2781-1