Oval Definition:	oval:org.opensuse.security:def:51073
Revision Date: 2020-12-01 Version: 1 Title: Security update for webkit2gtk3 (Moderate) Description: This update for webkit2gtk3 to version 2.20.3 fixes the following issues: These security issues were fixed: - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693). - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site (bsc#1097693) - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free (bsc#1097693) - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted web site (bsc#1097693) - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1097693) - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandle an unset pageURL, leading to an application crash (bsc#1095611). These non-security issues were fixed: - Disable Gigacage if mmap fails to allocate in Linux. - Add user agent quirk for paypal website. - Fix a network process crash when trying to get cookies of about:blank page. - Fix UI process crash when closing the window under Wayland. - Fix several crashes and rendering issues. Family: unix Class: patch Status: Reference(s): 1013708 1013712 1013893 1015171 1055014 1055186 1061843 1065600 1065729 1066382 1077428 1079730 1095611 1097693 1098403 1103203 1107832 1110233 1111025 1119115 1129923 1134760 1134883 1135902 1136021 1136540 1136778 1140402 1143794 1149032 1152489 1155798 1160467 1160468 1160968 1161883 1163592 1164648 1165692 1168468 1171675 1171688 1173027 1173477 1173691 1173694 1173700 1173701 1173743 1173874 1173875 1173876 1173880 1173902 1173994 1174003 1174098 1174458 1174748 1174969 1175052 1175070 1175071 1175074 1175599 1175621 1175718 1175721 1175749 1175807 1175898 1176019 1176354 1176381 1176400 1176485 1176588 1176713 1176907 1176979 1177027 1177086 1177090 1177109 1177121 1177193 1177194 1177206 1177258 1177271 1177281 1177283 1177284 1177285 1177286 1177297 1177353 1177384 1177410 1177411 1177470 1177511 1177613 1177617 1177681 1177683 1177687 1177694 1177697 1177719 1177724 1177725 1177726 1177739 1177749 1177750 1177754 1177755 1177765 1177766 1177799 1177801 1177814 1177817 1177854 1177855 1177856 1177861 1178002 1178079 1178166 1178173 1178175 1178176 1178177 1178183 1178184 1178185 1178186 1178190 1178191 1178246 1178255 1178307 1178330 1178395 CVE-2009-0688 CVE-2010-4352 CVE-2011-0461 CVE-2012-3524 CVE-2013-2168 CVE-2014-3477 CVE-2014-3532 CVE-2014-3533 CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 CVE-2016-9797 CVE-2016-9798 CVE-2016-9802 CVE-2016-9917 CVE-2017-18922 CVE-2018-11646 CVE-2018-14633 CVE-2018-17182 CVE-2018-21247 CVE-2018-4190 CVE-2018-4199 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-14896 CVE-2019-14897 CVE-2019-20839 CVE-2019-20840 CVE-2020-11984 CVE-2020-11993 CVE-2020-12351 CVE-2020-12352 CVE-2020-14318 CVE-2020-14323 CVE-2020-14339 CVE-2020-14351 CVE-2020-14383 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-16120 CVE-2020-24490 CVE-2020-25212 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 CVE-2020-27673 CVE-2020-27675 CVE-2020-8177 CVE-2020-9490 SUSE-SU-2018:2075-1 SUSE-SU-2019:1353-1 SUSE-SU-2019:1607-1 SUSE-SU-2019:2246-1 SUSE-SU-2020:0231-1 SUSE-SU-2020:1773-1 SUSE-SU-2020:1922-1 SUSE-SU-2020:2344-1 Platform(s): SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Workstation Extension 15 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND usbmuxd-1.0.7-5.10 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information bind-9.9.6P1-0.19 is installed OR bind-libs-9.9.6P1-0.19 is installed OR bind-libs-32bit-9.9.6P1-0.19 is installed OR bind-utils-9.9.6P1-0.19 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-1 is installed OR aaa_base-extras-13.2+git20140911.61c1681-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information bash-4.2-75 is installed OR bash-doc-4.2-75 is installed OR bash-lang-4.2-75 is installed OR libreadline6-6.2-75 is installed OR libreadline6-32bit-6.2-75 is installed OR readline-doc-6.2-75 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND coolkey-1.1.0-147 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information fuse-2.9.3-5 is installed OR libfuse2-2.9.3-5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information java-1_7_0-openjdk-1.7.0.181-43.15 is installed OR java-1_7_0-openjdk-headless-1.7.0.181-43.15 is installed Definition Synopsis SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 is installed AND Package Information LibVNCServer-0.9.10-4.22 is installed OR libvncserver0-0.9.10-4.22 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information typelib-1_0-JavaScriptCore-4_0-2.20.3-3.3 is installed OR typelib-1_0-WebKit2-4_0-2.20.3-3.3 is installed OR typelib-1_0-WebKit2WebExtension-4_0-2.20.3-3.3 is installed OR webkit2gtk3-2.20.3-3.3 is installed OR webkit2gtk3-devel-2.20.3-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information java-1_8_0-openjdk-1.8.0.242-3.30 is installed OR java-1_8_0-openjdk-demo-1.8.0.242-3.30 is installed OR java-1_8_0-openjdk-devel-1.8.0.242-3.30 is installed OR java-1_8_0-openjdk-headless-1.8.0.242-3.30 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-23-default-5-13 is installed OR kernel-livepatch-SLE15_Update_0-5-13 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information libvirt-6.0.0-13.3 is installed OR libvirt-devel-32bit-6.0.0-13.3 is installed OR wireshark-plugin-libvirt-6.0.0-13.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information qemu-2.11.2-9.28 is installed OR qemu-arm-2.11.2-9.28 is installed OR qemu-block-curl-2.11.2-9.28 is installed OR qemu-block-iscsi-2.11.2-9.28 is installed OR qemu-block-rbd-2.11.2-9.28 is installed OR qemu-block-ssh-2.11.2-9.28 is installed OR qemu-guest-agent-2.11.2-9.28 is installed OR qemu-ipxe-1.0.0+-9.28 is installed OR qemu-kvm-2.11.2-9.28 is installed OR qemu-lang-2.11.2-9.28 is installed OR qemu-ppc-2.11.2-9.28 is installed OR qemu-s390-2.11.2-9.28 is installed OR qemu-seabios-1.11.0-9.28 is installed OR qemu-sgabios-8-9.28 is installed OR qemu-vgabios-1.11.0-9.28 is installed OR qemu-x86-2.11.2-9.28 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information apache2-2.4.33-3.33 is installed OR apache2-devel-2.4.33-3.33 is installed OR apache2-doc-2.4.33-3.33 is installed OR apache2-prefork-2.4.33-3.33 is installed OR apache2-utils-2.4.33-3.33 is installed OR apache2-worker-2.4.33-3.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information libsqlite3-0-3.8.10.2-3 is installed OR libsqlite3-0-32bit-3.8.10.2-3 is installed OR sqlite3-3.8.10.2-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_40-default-11-2 is installed OR kgraft-patch-3_12_74-60_64_40-xen-11-2 is installed OR kgraft-patch-SLE12-SP1_Update_15-11-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information cpio-2.11-29 is installed OR cpio-lang-2.11-29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information gpg2-2.0.24-9.3 is installed OR gpg2-lang-2.0.24-9.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information java-1_7_0-openjdk-1.7.0.181-43.15 is installed OR java-1_7_0-openjdk-demo-1.7.0.181-43.15 is installed OR java-1_7_0-openjdk-devel-1.7.0.181-43.15 is installed OR java-1_7_0-openjdk-headless-1.7.0.181-43.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information gpg2-2.0.24-9.3 is installed OR gpg2-lang-2.0.24-9.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information cracklib-2.9.0-7 is installed OR libcrack2-2.9.0-7 is installed OR libcrack2-32bit-2.9.0-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libpolkit0-0.113-5.18 is installed OR polkit-0.113-5.18 is installed OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information evince-3.20.2-6.27 is installed OR evince-browser-plugin-3.20.2-6.27 is installed OR evince-lang-3.20.2-6.27 is installed OR evince-plugin-djvudocument-3.20.2-6.27 is installed OR evince-plugin-dvidocument-3.20.2-6.27 is installed OR evince-plugin-pdfdocument-3.20.2-6.27 is installed OR evince-plugin-psdocument-3.20.2-6.27 is installed OR evince-plugin-tiffdocument-3.20.2-6.27 is installed OR evince-plugin-xpsdocument-3.20.2-6.27 is installed OR libevdocument3-4-3.20.2-6.27 is installed OR libevview3-3-3.20.2-6.27 is installed OR nautilus-evince-3.20.2-6.27 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND shadow-4.2.1-27.12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information crash-7.2.1-2 is installed OR crash-kmp-default-7.2.1_k4.12.14_94.41-2 is installed Definition Synopsis SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information curl-7.60.0-3.29 is installed OR libcurl-devel-7.60.0-3.29 is installed OR libcurl4-7.60.0-3.29 is installed OR libcurl4-32bit-7.60.0-3.29 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information bluez-5.48-5.16 is installed OR bluez-cups-5.48-5.16 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND openstack-heat-templates-0.0.0+git.1452795102.e53f5d3-1 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information openstack-ceilometer-7.0.4~a0~dev7-3 is installed OR openstack-ceilometer-agent-central-7.0.4~a0~dev7-3 is installed OR openstack-ceilometer-agent-compute-7.0.4~a0~dev7-3 is installed OR openstack-ceilometer-agent-ipmi-7.0.4~a0~dev7-3 is installed OR openstack-ceilometer-agent-notification-7.0.4~a0~dev7-3 is installed OR openstack-ceilometer-api-7.0.4~a0~dev7-3 is installed OR openstack-ceilometer-collector-7.0.4~a0~dev7-3 is installed OR openstack-ceilometer-doc-7.0.4~a0~dev7-3 is installed OR openstack-ceilometer-polling-7.0.4~a0~dev7-3 is installed OR openstack-cinder-9.1.5~a0~dev1-3 is installed OR openstack-cinder-api-9.1.5~a0~dev1-3 is installed OR openstack-cinder-backup-9.1.5~a0~dev1-3 is installed OR openstack-cinder-doc-9.1.5~a0~dev1-3 is installed OR openstack-cinder-scheduler-9.1.5~a0~dev1-3 is installed OR openstack-cinder-volume-9.1.5~a0~dev1-3 is installed OR openstack-dashboard-10.0.4~a0~dev2-3 is installed OR openstack-glance-13.0.1~a0~dev6-3 is installed OR openstack-glance-api-13.0.1~a0~dev6-3 is installed OR openstack-glance-doc-13.0.1~a0~dev6-3 is installed OR openstack-glance-glare-13.0.1~a0~dev6-3 is installed OR openstack-glance-registry-13.0.1~a0~dev6-3 is installed OR openstack-heat-7.0.4~a0~dev4-4 is installed OR openstack-heat-api-7.0.4~a0~dev4-4 is installed OR openstack-heat-api-cfn-7.0.4~a0~dev4-4 is installed OR openstack-heat-api-cloudwatch-7.0.4~a0~dev4-4 is installed OR openstack-heat-doc-7.0.4~a0~dev4-4 is installed OR openstack-heat-engine-7.0.4~a0~dev4-4 is installed OR openstack-heat-plugin-heat_docker-7.0.4~a0~dev4-4 is installed OR openstack-heat-test-7.0.4~a0~dev4-4 is installed OR openstack-keystone-10.0.2~a0~dev2-6 is installed OR openstack-keystone-doc-10.0.2~a0~dev2-6 is installed OR openstack-magnum-3.1.2~a0~dev22-13 is installed OR openstack-magnum-api-3.1.2~a0~dev22-13 is installed OR openstack-magnum-conductor-3.1.2~a0~dev22-13 is installed OR openstack-magnum-doc-3.1.2~a0~dev22-13 is installed OR openstack-manila-3.0.1~a0~dev27-3 is installed OR openstack-manila-api-3.0.1~a0~dev27-3 is installed OR openstack-manila-data-3.0.1~a0~dev27-3 is installed OR openstack-manila-doc-3.0.1~a0~dev27-3 is installed OR openstack-manila-scheduler-3.0.1~a0~dev27-3 is installed OR openstack-manila-share-3.0.1~a0~dev27-3 is installed OR openstack-nova-14.0.6~a0~dev16-3 is installed OR openstack-nova-api-14.0.6~a0~dev16-3 is installed OR openstack-nova-cells-14.0.6~a0~dev16-3 is installed OR openstack-nova-cert-14.0.6~a0~dev16-3 is installed OR openstack-nova-compute-14.0.6~a0~dev16-3 is installed OR openstack-nova-conductor-14.0.6~a0~dev16-3 is installed OR openstack-nova-console-14.0.6~a0~dev16-3 is installed OR openstack-nova-consoleauth-14.0.6~a0~dev16-3 is installed OR openstack-nova-doc-14.0.6~a0~dev16-3 is installed OR openstack-nova-novncproxy-14.0.6~a0~dev16-3 is installed OR openstack-nova-placement-api-14.0.6~a0~dev16-3 is installed OR openstack-nova-scheduler-14.0.6~a0~dev16-3 is installed OR openstack-nova-serialproxy-14.0.6~a0~dev16-3 is installed OR openstack-nova-vncproxy-14.0.6~a0~dev16-3 is installed OR python-ceilometer-7.0.4~a0~dev7-3 is installed OR python-cinder-9.1.5~a0~dev1-3 is installed OR python-glance-13.0.1~a0~dev6-3 is installed OR python-heat-7.0.4~a0~dev4-4 is installed OR python-horizon-10.0.4~a0~dev2-3 is installed OR python-keystone-10.0.2~a0~dev2-6 is installed OR python-magnum-3.1.2~a0~dev22-13 is installed OR python-manila-3.0.1~a0~dev27-3 is installed OR python-nova-14.0.6~a0~dev16-3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND binutils-2.32-9.33 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND nodejs6-6.17.0-11.24 is installed
BACK