Oval Definition:oval:org.opensuse.security:def:50304
Revision Date:2020-12-01Version:1
Title:Security update for webkit2gtk3 (Moderate)
Description:

This update for webkit2gtk3 to version 2.20.5 fixes the following issues:

Security issue fixed:

- CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs (bsc#1101999). - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2018-4266: A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation. - CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation. - CVE-2018-4278: A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

Other bugs fixed:

- Fix rendering artifacts in some web sites due to a bug introduced in 2.20.4. - Fix a crash when leaving accelerated compositing mode. - Fix non-deterministic build failure due to missing JavaScriptCore/JSContextRef.h.
Family:unixClass:patch
Status:Reference(s):1013721
1013732
1058115
1065600
1065729
1071995
1074701
1083548
1085030
1085235
1085308
1087078
1087082
1094912
1100394
1101999
1102640
1103098
1104169
1105412
1111666
1112178
1113956
1115015
1115022
1115025
1118599
1118832
1119396
1120163
1125230
1126711
1126713
1126821
1126823
1126827
1127122
1128722
1128883
1128886
1128887
1128889
1128892
1129032
1132837
1132838
1133021
1134322
1136666
1144333
1145579
1145580
1145582
1149121
1149792
1149955
1150003
1150250
1151490
1152148
1153165
1153238
1154217
1159913
1163524
1165629
1165631
1166965
1169790
1170232
1171558
1171688
1171988
1172073
1172108
1172247
1172418
1172428
1172781
1172782
1172783
1172871
1172872
1172873
1172963
1173060
1173485
1173798
1173902
1173954
1173994
1173998
1174003
1174026
1174070
1174161
1174205
1174247
1174298
1174299
1174387
1174484
1174547
1174549
1174550
1174625
1174658
1174685
1174689
1174699
1174734
1174757
1174771
1174840
1174841
1174843
1174844
1174845
1174852
1174873
1174887
1174904
1174926
1174968
1175062
1175063
1175064
1175065
1175066
1175067
1175112
1175127
1175128
1175149
1175199
1175213
1175228
1175232
1175284
1175393
1175394
1175396
1175397
1175398
1175399
1175400
1175401
1175402
1175403
1175404
1175405
1175406
1175407
1175408
1175409
1175410
1175411
1175412
1175413
1175414
1175415
1175416
1175417
1175418
1175419
1175420
1175421
1175422
1175423
1175440
1175493
1175515
1175518
1175526
1175550
1175654
1175666
1175667
1175668
1175669
1175670
1175691
1175767
1175768
1175769
1175770
1175771
1175772
1175786
1175873
1175992
1176069
1177613
CVE-2016-9800
CVE-2016-9801
CVE-2018-12911
CVE-2018-15587
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2018-19869
CVE-2018-19935
CVE-2018-20783
CVE-2018-4261
CVE-2018-4262
CVE-2018-4263
CVE-2018-4264
CVE-2018-4265
CVE-2018-4266
CVE-2018-4267
CVE-2018-4270
CVE-2018-4271
CVE-2018-4272
CVE-2018-4273
CVE-2018-4278
CVE-2018-4284
CVE-2018-5391
CVE-2019-11034
CVE-2019-11035
CVE-2019-11036
CVE-2019-14853
CVE-2019-14859
CVE-2019-1547
CVE-2019-1563
CVE-2019-16056
CVE-2019-16935
CVE-2019-5108
CVE-2019-9020
CVE-2019-9021
CVE-2019-9022
CVE-2019-9023
CVE-2019-9024
CVE-2019-9511
CVE-2019-9513
CVE-2019-9516
CVE-2019-9637
CVE-2019-9638
CVE-2019-9639
CVE-2019-9640
CVE-2019-9641
CVE-2019-9675
CVE-2020-10135
CVE-2020-13753
CVE-2020-14314
CVE-2020-14314
CVE-2020-14318
CVE-2020-14323
CVE-2020-14331
CVE-2020-14331
CVE-2020-14356
CVE-2020-14356
CVE-2020-14383
CVE-2020-14386
CVE-2020-16166
CVE-2020-16166
CVE-2020-1749
CVE-2020-24394
CVE-2020-24394
CVE-2020-9802
CVE-2020-9803
CVE-2020-9805
CVE-2020-9806
CVE-2020-9807
CVE-2020-9843
CVE-2020-9850
SUSE-SU-2018:2752-1
SUSE-SU-2018:4189-1
SUSE-SU-2019:0706-1
SUSE-SU-2019:1266-2
SUSE-SU-2019:1461-1
SUSE-SU-2019:2309-1
SUSE-SU-2019:2410-1
SUSE-SU-2019:2802-1
SUSE-SU-2019:2891-1
SUSE-SU-2020:2541-1
SUSE-SU-2020:2579-1
Platform(s):SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Live Patching 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Public Cloud 15
SUSE Linux Enterprise Module for Public Cloud 15 SP1
SUSE Linux Enterprise Module for Python2 packages 15 SP1
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Module for Web Scripting 15
SUSE Linux Enterprise Module for Web Scripting 15 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE Linux Enterprise Workstation Extension 15 SP2
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 6-LTSS
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • MozillaFirefox-10.0.11-0.3 is installed
  • OR MozillaFirefox-translations-10.0.11-0.3 is installed
  • OR libfreebl3-3.14-0.3 is installed
  • OR libfreebl3-32bit-3.14-0.3 is installed
  • OR mozilla-nss-3.14-0.3 is installed
  • OR mozilla-nss-32bit-3.14-0.3 is installed
  • OR mozilla-nss-tools-3.14-0.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-17.0.9esr-0.7 is installed
  • OR MozillaFirefox-translations-17.0.9esr-0.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • coreutils-8.22-5 is installed
  • OR coreutils-lang-8.22-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • DirectFB-1.7.1-4 is installed
  • OR lib++dfb-1_7-1-1.7.1-4 is installed
  • OR libdirectfb-1_7-1-1.7.1-4 is installed
  • OR libdirectfb-1_7-1-32bit-1.7.1-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND cvs-1.12.12-181 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • freerdp-2.0.0~git.1463131968.4e66df7-11 is installed
  • OR libfreerdp2-2.0.0~git.1463131968.4e66df7-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • cups-filters-1.0.58-19.2 is installed
  • OR cups-filters-cups-browsed-1.0.58-19.2 is installed
  • OR cups-filters-foomatic-rip-1.0.58-19.2 is installed
  • OR cups-filters-ghostscript-1.0.58-19.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.20.5-3.8 is installed
  • OR libwebkit2gtk-4_0-37-2.20.5-3.8 is installed
  • OR libwebkit2gtk3-lang-2.20.5-3.8 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.20.5-3.8 is installed
  • OR webkit2gtk3-2.20.5-3.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 is installed
  • AND Package Information
  • kernel-livepatch-4_12_14-25_6-default-6-2 is installed
  • OR kernel-livepatch-SLE15_Update_2-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
  • AND Package Information
  • kernel-livepatch-4_12_14-197_26-default-3-2 is installed
  • OR kernel-livepatch-SLE15-SP1_Update_7-3-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed
  • AND Package Information
  • php7-7.2.5-4.32 is installed
  • OR php7-embed-7.2.5-4.32 is installed
  • OR php7-readline-7.2.5-4.32 is installed
  • OR php7-sodium-7.2.5-4.32 is installed
  • OR php7-tidy-7.2.5-4.32 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • evolution-3.26.6-4.3 is installed
  • OR glade-catalog-evolution-3.26.6-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-32bit-2.28.3-3.3 is installed
  • OR libwebkit2gtk-4_0-37-32bit-2.28.3-3.3 is installed
  • OR webkit-jsc-4-2.28.3-3.3 is installed
  • OR webkit2gtk3-2.28.3-3.3 is installed
  • OR webkit2gtk3-minibrowser-2.28.3-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 15 is installed
  • AND Package Information
  • python-ecdsa-0.13.3-3.3 is installed
  • OR python3-ecdsa-0.13.3-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed
  • AND Package Information
  • kernel-azure-4.12.14-8.41 is installed
  • OR kernel-azure-base-4.12.14-8.41 is installed
  • OR kernel-azure-devel-4.12.14-8.41 is installed
  • OR kernel-devel-azure-4.12.14-8.41 is installed
  • OR kernel-source-azure-4.12.14-8.41 is installed
  • OR kernel-syms-azure-4.12.14-8.41 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed
  • AND Package Information
  • python-requests-2.20.1-6.3 is installed
  • OR python2-requests-2.20.1-6.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND Package Information
  • libxmltooling-devel-1.6.4-3.3 is installed
  • OR libxmltooling7-1.6.4-3.3 is installed
  • OR xmltooling-1.6.4-3.3 is installed
  • OR xmltooling-schemas-1.6.4-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • qemu-3.1.1.1-9.21 is installed
  • OR qemu-arm-3.1.1.1-9.21 is installed
  • OR qemu-audio-alsa-3.1.1.1-9.21 is installed
  • OR qemu-audio-oss-3.1.1.1-9.21 is installed
  • OR qemu-audio-pa-3.1.1.1-9.21 is installed
  • OR qemu-block-curl-3.1.1.1-9.21 is installed
  • OR qemu-block-iscsi-3.1.1.1-9.21 is installed
  • OR qemu-block-rbd-3.1.1.1-9.21 is installed
  • OR qemu-block-ssh-3.1.1.1-9.21 is installed
  • OR qemu-guest-agent-3.1.1.1-9.21 is installed
  • OR qemu-ipxe-1.0.0+-9.21 is installed
  • OR qemu-kvm-3.1.1.1-9.21 is installed
  • OR qemu-lang-3.1.1.1-9.21 is installed
  • OR qemu-ppc-3.1.1.1-9.21 is installed
  • OR qemu-s390-3.1.1.1-9.21 is installed
  • OR qemu-seabios-1.12.0-9.21 is installed
  • OR qemu-sgabios-8-9.21 is installed
  • OR qemu-ui-curses-3.1.1.1-9.21 is installed
  • OR qemu-ui-gtk-3.1.1.1-9.21 is installed
  • OR qemu-vgabios-1.12.0-9.21 is installed
  • OR qemu-x86-3.1.1.1-9.21 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 is installed
  • AND Package Information
  • nodejs8-8.11.4-3.8 is installed
  • OR nodejs8-devel-8.11.4-3.8 is installed
  • OR nodejs8-docs-8.11.4-3.8 is installed
  • OR npm8-8.11.4-3.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • AND Package Information
  • tomcat-9.0.21-4.5 is installed
  • OR tomcat-admin-webapps-9.0.21-4.5 is installed
  • OR tomcat-el-3_0-api-9.0.21-4.5 is installed
  • OR tomcat-jsp-2_3-api-9.0.21-4.5 is installed
  • OR tomcat-lib-9.0.21-4.5 is installed
  • OR tomcat-servlet-4_0-api-9.0.21-4.5 is installed
  • OR tomcat-webapps-9.0.21-4.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • ecryptfs-utils-103-5 is installed
  • OR ecryptfs-utils-32bit-103-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_69-default-4-2 is installed
  • OR kgraft-patch-3_12_74-60_64_69-xen-4-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_24-4-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • apache-commons-beanutils-1.9.2-1 is installed
  • OR apache-commons-beanutils-javadoc-1.9.2-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • res-signingkeys-3.0.37-52.23 is installed
  • OR smt-3.0.37-52.23 is installed
  • OR smt-support-3.0.37-52.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kernel-default-4.4.121-92.85 is installed
  • OR kernel-default-base-4.4.121-92.85 is installed
  • OR kernel-default-devel-4.4.121-92.85 is installed
  • OR kernel-devel-4.4.121-92.85 is installed
  • OR kernel-macros-4.4.121-92.85 is installed
  • OR kernel-source-4.4.121-92.85 is installed
  • OR kernel-syms-4.4.121-92.85 is installed
  • OR kgraft-patch-4_4_121-92_85-default-1-3.5 is installed
  • OR kgraft-patch-SLE12-SP2_Update_23-1-3.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_74-92_32-default-10-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_11-10-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • alsa-1.0.27.2-15 is installed
  • OR alsa-docs-1.0.27.2-15 is installed
  • OR libasound2-1.0.27.2-15 is installed
  • OR libasound2-32bit-1.0.27.2-15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_175-94_79-default-5-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_23-5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libSoundTouch0-1.7.1-5.6 is installed
  • OR soundtouch-1.7.1-5.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15-LTSS is installed
  • AND Package Information
  • nodejs10-10.22.1-1.27 is installed
  • OR nodejs10-devel-10.22.1-1.27 is installed
  • OR nodejs10-docs-10.22.1-1.27 is installed
  • OR npm10-10.22.1-1.27 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • AND Package Information
  • gstreamer-plugins-base-1.12.5-3.3 is installed
  • OR gstreamer-plugins-base-lang-1.12.5-3.3 is installed
  • OR libgstallocators-1_0-0-1.12.5-3.3 is installed
  • OR libgstapp-1_0-0-1.12.5-3.3 is installed
  • OR libgstaudio-1_0-0-1.12.5-3.3 is installed
  • OR libgstfft-1_0-0-1.12.5-3.3 is installed
  • OR libgstpbutils-1_0-0-1.12.5-3.3 is installed
  • OR libgstriff-1_0-0-1.12.5-3.3 is installed
  • OR libgstrtp-1_0-0-1.12.5-3.3 is installed
  • OR libgstrtsp-1_0-0-1.12.5-3.3 is installed
  • OR libgstsdp-1_0-0-1.12.5-3.3 is installed
  • OR libgsttag-1_0-0-1.12.5-3.3 is installed
  • OR libgstvideo-1_0-0-1.12.5-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • dia-0.97.3-4.3 is installed
  • OR dia-lang-0.97.3-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
  • AND Package Information
  • LibVNCServer-0.9.10-4.22 is installed
  • OR libvncclient0-0.9.10-4.22 is installed
  • OR libvncserver0-0.9.10-4.22 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • xorg-x11-server-7.6_1.15.2-53.3 is installed
  • OR xorg-x11-server-extra-7.6_1.15.2-53.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6-LTSS is installed
  • AND python-setuptools-18.0.1-4.8 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • glibc-2.22-62.13 is installed
  • OR glibc-32bit-2.22-62.13 is installed
  • OR glibc-devel-2.22-62.13 is installed
  • OR glibc-devel-32bit-2.22-62.13 is installed
  • OR glibc-html-2.22-62.13 is installed
  • OR glibc-i18ndata-2.22-62.13 is installed
  • OR glibc-info-2.22-62.13 is installed
  • OR glibc-locale-2.22-62.13 is installed
  • OR glibc-locale-32bit-2.22-62.13 is installed
  • OR glibc-profile-2.22-62.13 is installed
  • OR glibc-profile-32bit-2.22-62.13 is installed
  • OR nscd-2.22-62.13 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND git-2.12.3-27.14 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • dovecot22-2.2.31-19.17 is installed
  • OR dovecot22-backend-mysql-2.2.31-19.17 is installed
  • OR dovecot22-backend-pgsql-2.2.31-19.17 is installed
  • OR dovecot22-backend-sqlite-2.2.31-19.17 is installed
    • BACK