OVAL Reference oval:org.opensuse.security:def:56199

Oval Definition:

oval:org.opensuse.security:def:56199

Revision Date:	2020-12-01	Version:	1
Title:	Security update for webkit2gtk3 (Important)
Description:	This update for webkit2gtk3 to version 2.18.0 fixes the following issues: These security issues were fixed: - CVE-2017-7039: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7018: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7030: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7037: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7034: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7055: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7056: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7064: An issue was fixed that allowed remote attackers to bypass intended memory-read restrictions via a crafted app (bsc#1050469). - CVE-2017-7061: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7048: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7046: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-2538: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1045460) - CVE-2017-2496: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - CVE-2017-2539: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - CVE-2017-2510: An issue was fixed that allowed remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. - CVE-2017-2365: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2366: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2373: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2363: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2362: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2354: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749). - CVE-2017-2355: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2356: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2371: An issue was fixed that allowed remote attackers to launch popups via a crafted web site (bsc#1024749) - CVE-2017-2364: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2369: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2016-7656: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7635: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7654: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7639: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7645: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7652: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7641: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7632: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7599: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that used HTTP redirects (bsc#1020950) - CVE-2016-7592: An issue was fixed that allowed remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site (bsc#1020950) - CVE-2016-7589: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7623: An issue was fixed that allowed remote attackers to obtain sensitive information via a blob URL on a web site (bsc#1020950) - CVE-2016-7586: An issue was fixed that allowed remote attackers to obtain sensitive information via a crafted web site (bsc#1020950) For other non-security fixes please check the changelog.
Family:	unix	Class:	patch
Status:		Reference(s):	1002639 1004728 1005410 1006118 1007853 1007854 1007855 1007857 1007858 1007925 1008340 1008648 1010893 1011805 1011812 1017141 1017695 1019938 1020063 1020950 1021687 1024014 1024017 1024034 1024749 1045327 1045460 1050469 1057950 1112039 1130324 902375 934524 934527 934528 952099 957812 974407 CVE-2002-2443 CVE-2009-0159 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-1252 CVE-2009-3295 CVE-2009-4212 CVE-2010-0283 CVE-2010-0628 CVE-2010-1320 CVE-2010-1321 CVE-2010-1322 CVE-2010-1323 CVE-2010-1324 CVE-2010-2242 CVE-2010-2529 CVE-2010-4020 CVE-2010-4021 CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 CVE-2011-0284 CVE-2011-0285 CVE-2011-1146 CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530 CVE-2011-2511 CVE-2011-4600 CVE-2012-1012 CVE-2012-1013 CVE-2012-1016 CVE-2012-3445 CVE-2013-0170 CVE-2013-1415 CVE-2013-1417 CVE-2013-1418 CVE-2013-1962 CVE-2013-2186 CVE-2013-2218 CVE-2013-2230 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-4566 CVE-2013-5211 CVE-2013-6436 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0050 CVE-2014-0179 CVE-2014-1447 CVE-2014-3633 CVE-2014-3657 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-7823 CVE-2014-8136 CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2014-9297 CVE-2014-9298 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2014-9556 CVE-2014-9732 CVE-2015-0236 CVE-2015-1798 CVE-2015-1799 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-3195 CVE-2015-3405 CVE-2015-4470 CVE-2015-4471 CVE-2015-5247 CVE-2015-7555 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2016-0762 CVE-2016-10198 CVE-2016-10199 CVE-2016-3977 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-7586 CVE-2016-7589 CVE-2016-7592 CVE-2016-7599 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2016-8637 CVE-2016-8735 CVE-2017-1000251 CVE-2017-15274 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2538 CVE-2017-2539 CVE-2017-5840 CVE-2017-7018 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7039 CVE-2017-7046 CVE-2017-7048 CVE-2017-7055 CVE-2017-7056 CVE-2017-7061 CVE-2017-7064 CVE-2018-18386 CVE-2019-9924 SUSE-SU-2015:2131-1 SUSE-SU-2015:2275-1 SUSE-SU-2016:3079-1 SUSE-SU-2017:0951-1 SUSE-SU-2017:1004-1 SUSE-SU-2017:2785-1 SUSE-SU-2017:2933-1 SUSE-SU-2019:0898-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information accountsservice-0.6.45-lp150.2 is installed OR accountsservice-lang-0.6.45-lp150.2 is installed OR libaccountsservice0-0.6.45-lp150.2 is installed OR typelib-1_0-AccountsService-1_0-0.6.45-lp150.2 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information python-Twisted-17.9.0-lp151.3.3 is installed OR python-Twisted-doc-17.9.0-lp151.3.3 is installed OR python2-Twisted-17.9.0-lp151.3.3 is installed OR python3-Twisted-17.9.0-lp151.3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP4 is installed AND cabextract-1.2-2.12 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information libjavascriptcoregtk-4_0-18-2.18.0-2.9 is installed OR libwebkit2gtk-4_0-37-2.18.0-2.9 is installed OR libwebkit2gtk3-lang-2.18.0-2.9 is installed OR typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9 is installed OR typelib-1_0-WebKit2-4_0-2.18.0-2.9 is installed OR webkit2gtk-4_0-injected-bundles-2.18.0-2.9 is installed OR webkit2gtk3-2.18.0-2.9 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND apache2-mod_nss-1.0.8-13 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_62-60_64_8-default-12-4 is installed OR kgraft-patch-3_12_62-60_64_8-xen-12-4 is installed OR kgraft-patch-SLE12-SP1_Update_8-12-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information giflib-progs-5.0.5-12 is installed OR libgif6-5.0.5-12 is installed OR libgif6-32bit-5.0.5-12 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information xen-4.7.6_05-43.42 is installed OR xen-doc-html-4.7.6_05-43.42 is installed OR xen-libs-4.7.6_05-43.42 is installed OR xen-libs-32bit-4.7.6_05-43.42 is installed OR xen-tools-4.7.6_05-43.42 is installed OR xen-tools-domU-4.7.6_05-43.42 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_120-92_70-default-7-2 is installed OR kgraft-patch-SLE12-SP2_Update_20-7-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_114-92_64-default-5-2 is installed OR kgraft-patch-SLE12-SP2_Update_18-5-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libmpfr4-3.1.2-7 is installed OR libmpfr4-32bit-3.1.2-7 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND clamav-0.100.2-33.18 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND libsrtp1-1.5.2-3.2 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND ntp-4.2.8p4-1 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information res-signingkeys-3.0.37-52.23 is installed OR smt-3.0.37-52.23 is installed OR smt-support-3.0.37-52.23 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND python-paramiko-2.2.4-4.3 is installed

BACK