OPENSUSE-SU-2019:2591-1
Nov 30, 2019 - 12:00 a.m.

Security update for webkit2gtk3 (important)

2019-11-30 00:00:00
lists.opensuse.org

CVSS3: 8.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

An update that fixes 42 vulnerabilities is now available.

Description:

This update for webkit2gtk3 to version 2.26.2 fixes the following issues:

Webkit2gtk3 was updated to version 2.26.2 (WSA-2019-0005 and
WSA-2019-0006, bsc#1155321 bsc#1156318)

Security issues addressed:

  • CVE-2019-8625: Fixed a logic issue whereby processing maliciously
    crafted web content may lead to universal cross-site scripting.
  • CVE-2019-8674: Fixed a logic issue whereby processing maliciously
    crafted web content may lead to universal cross-site scripting.
  • CVE-2019-8707: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8719: Fixed a logic issue whereby processing maliciously
    crafted web content may lead to universal cross-site scripting.
  • CVE-2019-8720: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8726: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8733: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8735: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8763: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8768: Fixed an issue where a user may be unable to delete
    browsing history items.
  • CVE-2019-8769: Fixed an issue where a maliciously crafted website may
    reveal browsing history.
  • CVE-2019-8771: Fixed an issue where maliciously crafted web content
    may violate iframe sandboxing policy.
  • CVE-2019-8710: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8743: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8764: Fixed a logic issue whereby processing maliciously
    crafted web content may lead to universal cross-site scripting.
  • CVE-2019-8765: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8766: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8782: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8783: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8808: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8811: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8812: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8813: Fixed a logic issue whereby processing maliciously
    crafted web content may lead to universal cross-site scripting.
  • CVE-2019-8814: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8815: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8816: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8819: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8820: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8821: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8822: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.
  • CVE-2019-8823: Fixed multiple memory corruption issues whereby
    processing maliciously crafted web content may lead to arbitrary code
    execution.

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.1:

    zypper in -t patch openSUSE-2019-2591=1

OS | Version | Architecture | Package | Version | Filename
openSUSE Leap | 15.1 | i586 | | < - openSUSE Leap 15.1 (i586 x86_64): | - openSUSE Leap 15.1 (i586 x86_64):.i586.rpm
openSUSE Leap | 15.1 | x86_64 | | < - openSUSE Leap 15.1 (i586 x86_64): | - openSUSE Leap 15.1 (i586 x86_64):.x86_64.rpm
openSUSE Leap | 15.1 | x86_64 | | < - openSUSE Leap 15.1 (x86_64): | - openSUSE Leap 15.1 (x86_64):.x86_64.rpm
openSUSE Leap | 15.1 | noarch | | < - openSUSE Leap 15.1 (noarch): | - openSUSE Leap 15.1 (noarch):.noarch.rpm