Oval Definition:	oval:org.opensuse.security:def:2743
Revision Date: 2020-12-02 Version: 1 Title: Security update for webkit2gtk3 (Moderate) Description: This update for webkit2gtk3 to version 2.22.6 fixes the following issues (boo#1124937 boo#1119558): Security vulnerabilities fixed: - CVE-2018-4437: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119553) - CVE-2018-4438: Processing maliciously crafted web content may lead to arbitrary code execution. A logic issue existed resulting in memory corruption. This was addressed with improved state management. (boo#1119554) - CVE-2018-4441: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119555) - CVE-2018-4442: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119556) - CVE-2018-4443: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119557) - CVE-2018-4464: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119558) - CVE-2019-6212: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6215: Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling. - CVE-2019-6216: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6217: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6226: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. - CVE-2019-6227: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2019-6229: Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue was addressed with improved validation. - CVE-2019-6233: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2019-6234: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. Other bug fixes and changes: - Make kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fix Web inspector magnifier under Wayland. - Fix garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fix several crashes, race conditions, and rendering issues. For a detailed list of changes, please refer to: - https://webkitgtk.org/security/WSA-2019-0001.html - https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html - https://webkitgtk.org/security/WSA-2018-0009.html - https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html Family: unix Class: patch Status: Reference(s): 1096726 1100523 1100687 1108606 1115717 1119553 1119554 1119555 1119556 1119557 1119558 1121624 1121626 1124211 1125113 1125230 1125330 1125433 1126768 1127987 1129821 1130262 1136981 1136986 1136992 1137792 1137930 1138614 1159329 1159922 1159923 1159924 1159927 1161719 1163809 985657 CVE-2016-3189 CVE-2018-13440 CVE-2018-13785 CVE-2018-15587 CVE-2018-15664 CVE-2018-17000 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2018-19210 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2019-11707 CVE-2019-12447 CVE-2019-12448 CVE-2019-12449 CVE-2019-12795 CVE-2019-5785 CVE-2019-6128 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 CVE-2019-7317 CVE-2019-7663 CVE-2019-8375 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 SUSE-SU-2019:0497-1 SUSE-SU-2019:0786-1 SUSE-SU-2019:0871-1 SUSE-SU-2019:0890-1 SUSE-SU-2019:0940-1 SUSE-SU-2019:1206-2 SUSE-SU-2019:1266-2 SUSE-SU-2019:1398-2 SUSE-SU-2019:1562-1 SUSE-SU-2019:1629-1 SUSE-SU-2019:1717-1 SUSE-SU-2020:0101-1 SUSE-SU-2020:0468-1 Platform(s): SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Build System Kit 12 SP1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Availability 12 SP2 SUSE Linux Enterprise High Availability 12 SP3 SUSE Linux Enterprise High Availability 12 SP4 SUSE Linux Enterprise High Availability 15 SP1 SUSE Linux Enterprise Module for additional PackageHub packages 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for High Performance Computing 15 SUSE Linux Enterprise Module for High Performance Computing 15 SP1 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Python2 packages 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1-CLIENT-TOOLS SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 Product(s): Definition Synopsis SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND python-pymongo-2.6.3-2 is installed Definition Synopsis SUSE Linux Enterprise Build System Kit 12 SP1 is installed AND Package Information krb5-mini-1.12.1-25.1 is installed OR krb5-mini-devel-1.12.1-25.1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information avahi-0.6.31-20 is installed OR avahi-lang-0.6.31-20 is installed OR libavahi-client3-0.6.31-20 is installed OR libavahi-client3-32bit-0.6.31-20 is installed OR libavahi-common3-0.6.31-20 is installed OR libavahi-common3-32bit-0.6.31-20 is installed OR libavahi-core7-0.6.31-20 is installed OR libdns_sd-0.6.31-20 is installed OR libdns_sd-32bit-0.6.31-20 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information bind-libs-9.9.6P1-30 is installed OR bind-libs-32bit-9.9.6P1-30 is installed OR bind-utils-9.9.6P1-30 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information strongswan-5.1.3-26.5 is installed OR strongswan-doc-5.1.3-26.5 is installed OR strongswan-ipsec-5.1.3-26.5 is installed OR strongswan-libs0-5.1.3-26.5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information MozillaFirefox-52.2.0esr-108 is installed OR MozillaFirefox-translations-52.2.0esr-108 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND perl-Config-IniFiles-2.82-3 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP2 is installed AND lighttpd-1.4.35-1 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP3 is installed AND ctdb-4.6.5+git.27.6afd48b1083-2 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP4 is installed AND conntrack-tools-1.4.2-5 is installed Definition Synopsis SUSE Linux Enterprise High Availability 15 SP1 is installed AND Package Information cluster-md-kmp-default-4.12.14-197.7 is installed OR dlm-kmp-default-4.12.14-197.7 is installed OR gfs2-kmp-default-4.12.14-197.7 is installed OR kernel-default-4.12.14-197.7 is installed OR ocfs2-kmp-default-4.12.14-197.7 is installed Definition Synopsis SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed AND Package Information postgresql10-10.9-4.13 is installed OR postgresql10-test-10.9-4.13 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information typelib-1_0-JavaScriptCore-4_0-2.22.6-3.18 is installed OR typelib-1_0-WebKit2-4_0-2.22.6-3.18 is installed OR typelib-1_0-WebKit2WebExtension-4_0-2.22.6-3.18 is installed OR webkit2gtk3-2.22.6-3.18 is installed OR webkit2gtk3-devel-2.22.6-3.18 is installed Definition Synopsis SUSE Linux Enterprise Module for High Performance Computing 15 is installed AND Package Information python-numpy_1_16_1-gnu-hpc-1.16.1-4.8 is installed OR python2-numpy-gnu-hpc-1.16.1-4.8 is installed OR python2-numpy-gnu-hpc-devel-1.16.1-4.8 is installed OR python3-numpy-gnu-hpc-1.16.1-4.8 is installed OR python3-numpy-gnu-hpc-devel-1.16.1-4.8 is installed Definition Synopsis SUSE Linux Enterprise Module for High Performance Computing 15 SP1 is installed AND Package Information libslurm32-17.11.13-6.18 is installed OR slurm-17.11.13-6.18 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information java-1_8_0-openjdk-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-demo-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-devel-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-headless-1.8.0.171-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.4 is installed OR reiserfs-kmp-default-4.12.14-197.4 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-25_3-default-2-2 is installed OR kernel-livepatch-SLE15_Update_1-2-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-195-default-3-7 is installed OR kernel-livepatch-SLE15-SP1_Update_0-3-7 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND Package Information MozillaFirefox-60.6.1-3.29 is installed OR MozillaFirefox-branding-upstream-60.6.1-3.29 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information bzip2-1.0.6-5.3 is installed OR bzip2-doc-1.0.6-5.3 is installed OR libbz2-devel-32bit-1.0.6-5.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information MozillaThunderbird-68.8.0-3.80 is installed OR MozillaThunderbird-translations-common-68.8.0-3.80 is installed OR MozillaThunderbird-translations-other-68.8.0-3.80 is installed Definition Synopsis SUSE Linux Enterprise Module for Public Cloud 15 is installed AND Package Information kernel-azure-4.12.14-5.41 is installed OR kernel-azure-base-4.12.14-5.41 is installed OR kernel-azure-devel-4.12.14-5.41 is installed OR kernel-devel-azure-4.12.14-5.41 is installed OR kernel-source-azure-4.12.14-5.41 is installed OR kernel-syms-azure-4.12.14-5.41 is installed Definition Synopsis SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed AND Package Information python-requests-2.20.1-6.3 is installed OR python2-requests-2.20.1-6.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information util-linux-systemd-2.31.1-9.3 is installed OR uuidd-2.31.1-9.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 12 is installed AND Package Information apache2-mod_php5-5.5.14-4 is installed OR php5-5.5.14-4 is installed OR php5-bcmath-5.5.14-4 is installed OR php5-bz2-5.5.14-4 is installed OR php5-calendar-5.5.14-4 is installed OR php5-ctype-5.5.14-4 is installed OR php5-curl-5.5.14-4 is installed OR php5-dba-5.5.14-4 is installed OR php5-dom-5.5.14-4 is installed OR php5-enchant-5.5.14-4 is installed OR php5-exif-5.5.14-4 is installed OR php5-fastcgi-5.5.14-4 is installed OR php5-fileinfo-5.5.14-4 is installed OR php5-fpm-5.5.14-4 is installed OR php5-ftp-5.5.14-4 is installed OR php5-gd-5.5.14-4 is installed OR php5-gettext-5.5.14-4 is installed OR php5-gmp-5.5.14-4 is installed OR php5-iconv-5.5.14-4 is installed OR php5-intl-5.5.14-4 is installed OR php5-json-5.5.14-4 is installed OR php5-ldap-5.5.14-4 is installed OR php5-mbstring-5.5.14-4 is installed OR php5-mcrypt-5.5.14-4 is installed OR php5-mysql-5.5.14-4 is installed OR php5-odbc-5.5.14-4 is installed OR php5-openssl-5.5.14-4 is installed OR php5-pcntl-5.5.14-4 is installed OR php5-pdo-5.5.14-4 is installed OR php5-pear-5.5.14-4 is installed OR php5-pgsql-5.5.14-4 is installed OR php5-pspell-5.5.14-4 is installed OR php5-shmop-5.5.14-4 is installed OR php5-snmp-5.5.14-4 is installed OR php5-soap-5.5.14-4 is installed OR php5-sockets-5.5.14-4 is installed OR php5-sqlite-5.5.14-4 is installed OR php5-suhosin-5.5.14-4 is installed OR php5-sysvmsg-5.5.14-4 is installed OR php5-sysvsem-5.5.14-4 is installed OR php5-sysvshm-5.5.14-4 is installed OR php5-tokenizer-5.5.14-4 is installed OR php5-wddx-5.5.14-4 is installed OR php5-xmlreader-5.5.14-4 is installed OR php5-xmlrpc-5.5.14-4 is installed OR php5-xmlwriter-5.5.14-4 is installed OR php5-xsl-5.5.14-4 is installed OR php5-zip-5.5.14-4 is installed OR php5-zlib-5.5.14-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-1 is installed OR aaa_base-extras-13.2+git20140911.61c1681-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information cups-1.7.5-9 is installed OR cups-client-1.7.5-9 is installed OR cups-libs-1.7.5-9 is installed OR cups-libs-32bit-1.7.5-9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information openvpn-2.3.8-16.6 is installed OR openvpn-auth-pam-plugin-2.3.8-16.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information MozillaFirefox-52.2.0esr-108 is installed OR MozillaFirefox-translations-52.2.0esr-108 is installed Definition Synopsis SUSE Linux Enterprise Server 12-LTSS is installed AND Package Information MozillaFirefox-45.5.0esr-88.1 is installed OR MozillaFirefox-translations-45.5.0esr-88.1 is installed OR libfreebl3-3.21.3-50.1 is installed OR libfreebl3-32bit-3.21.3-50.1 is installed OR libfreebl3-hmac-3.21.3-50.1 is installed OR libfreebl3-hmac-32bit-3.21.3-50.1 is installed OR libsoftokn3-3.21.3-50.1 is installed OR libsoftokn3-32bit-3.21.3-50.1 is installed OR libsoftokn3-hmac-3.21.3-50.1 is installed OR libsoftokn3-hmac-32bit-3.21.3-50.1 is installed OR mozilla-nss-3.21.3-50.1 is installed OR mozilla-nss-32bit-3.21.3-50.1 is installed OR mozilla-nss-certs-3.21.3-50.1 is installed OR mozilla-nss-certs-32bit-3.21.3-50.1 is installed OR mozilla-nss-sysinit-3.21.3-50.1 is installed OR mozilla-nss-sysinit-32bit-3.21.3-50.1 is installed OR mozilla-nss-tools-3.21.3-50.1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 is installed AND Package Information libjavascriptcoregtk-1_0-0-2.2.7-3 is installed OR libwebkit2gtk-3_0-25-2.2.7-3 is installed OR libwebkitgtk-1_0-0-2.2.7-3 is installed OR libwebkitgtk-devel-2.2.7-3 is installed OR libwebkitgtk3-devel-2.2.7-3 is installed OR typelib-1_0-JavaScriptCore-1_0-2.2.7-3 is installed OR typelib-1_0-JavaScriptCore-3_0-2.2.7-3 is installed OR typelib-1_0-WebKit-1_0-2.2.7-3 is installed OR typelib-1_0-WebKit-3_0-2.2.7-3 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP2 is installed AND Package Information libblkid-devel-2.28-40.28 is installed OR libmount-devel-2.28-40.28 is installed OR libsmartcols-devel-2.28-40.28 is installed OR libuuid-devel-2.28-40.28 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information bluez-5.48-5.8 is installed OR bluez-cups-5.48-5.8 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information MozillaThunderbird-60.7.0-3.33 is installed OR MozillaThunderbird-translations-common-60.7.0-3.33 is installed OR MozillaThunderbird-translations-other-60.7.0-3.33 is installed
BACK