SuseOPENSUSE-SU-2019:0309-1Security update for webkit2gtk3 (important)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.698 Medium
EPSS
Percentile
97.7%
An update that fixes 9 vulnerabilities is now available.
Description:
This update for webkit2gtk3 to version 2.22.6 fixes the following issues:
Security issues fixed:
- CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which
could allow arbitrary code execution during the processing
of special crafted web-content. - CVE-2019-6215: Fixed a type confusion vulnerability which could allow
arbitrary code execution during the processing
of special crafted web-content. - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which
could allow arbitrary code execution during the processing
of special crafted web-content. - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which
could allow arbitrary code execution during the processing
of special crafted web-content. - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which
could allow arbitrary code execution during the processing
of special crafted web-content. - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow
arbitrary code execution during the processing
of special crafted web-content. - CVE-2019-6229: Fixed a logic issue by improving validation which could
allow arbitrary code execution during the processing
of special crafted web-content. - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow
arbitrary code execution during the processing
of special crafted web-content. - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow
arbitrary code execution during the processing
of special crafted web-content.
Other issues addressed:
- Update to version 2.22.6 (bsc#1124937).
- Kinetic scrolling slow down smoothly when reaching the ends of pages,
instead of abruptly, to better match the GTK+ behaviour. - Fixed Web inspector magnifier under Wayland.
- Fixed garbled rendering of some websites (e.g. YouTube) while scrolling
under X11. - Fixed several crashes, race conditions, and rendering issues.
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 42.3:
zypper in -t patch openSUSE-2019-309=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 42.3 | i586 | < - openSUSE Leap 42.3 (i586 x86_64): | - openSUSE Leap 42.3 (i586 x86_64):.i586.rpm | |
| openSUSE Leap | 42.3 | x86_64 | < - openSUSE Leap 42.3 (i586 x86_64): | - openSUSE Leap 42.3 (i586 x86_64):.x86_64.rpm | |
| openSUSE Leap | 42.3 | x86_64 | < - openSUSE Leap 42.3 (x86_64): | - openSUSE Leap 42.3 (x86_64):.x86_64.rpm | |
| openSUSE Leap | 42.3 | noarch | < - openSUSE Leap 42.3 (noarch): | - openSUSE Leap 42.3 (noarch):.noarch.rpm |
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.698 Medium
EPSS
Percentile
97.7%