Oval Definition:oval:org.opensuse.security:def:56480
Revision Date:2020-12-01Version:1
Title:Security update for webkit2gtk3 (Important)
Description:

This update for webkit2gtk3 to version 2.18.0 fixes the following issues:

These security issues were fixed:

- CVE-2017-7039: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7018: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7030: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7037: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7034: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7055: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7056: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7064: An issue was fixed that allowed remote attackers to bypass intended memory-read restrictions via a crafted app (bsc#1050469). - CVE-2017-7061: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7048: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7046: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-2538: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1045460) - CVE-2017-2496: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - CVE-2017-2539: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - CVE-2017-2510: An issue was fixed that allowed remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. - CVE-2017-2365: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2366: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2373: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2363: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2362: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2354: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749). - CVE-2017-2355: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2356: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2371: An issue was fixed that allowed remote attackers to launch popups via a crafted web site (bsc#1024749) - CVE-2017-2364: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2369: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2016-7656: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7635: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7654: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7639: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7645: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7652: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7641: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7632: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7599: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that used HTTP redirects (bsc#1020950) - CVE-2016-7592: An issue was fixed that allowed remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site (bsc#1020950) - CVE-2016-7589: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7623: An issue was fixed that allowed remote attackers to obtain sensitive information via a blob URL on a web site (bsc#1020950) - CVE-2016-7586: An issue was fixed that allowed remote attackers to obtain sensitive information via a crafted web site (bsc#1020950)

For other non-security fixes please check the changelog.
Family:unixClass:patch
Status:Reference(s):1009280
1015203
1020950
1022804
1024749
1042419
1045460
1050469
1056058
1058565
1058622
1058624
1061343
1066242
1072322
1094301
1094717
1098369
1101428
1101566
1101567
1101568
1101569
1101570
1101571
1101573
1101576
1101577
1101578
1101581
1101582
1101583
1101588
1101589
1101776
1101777
1101786
1101788
1101791
1101794
1101800
1101802
1101804
1101810
1106514
1112039
1133375
1153451
1153459
949022
951660
954658
957160
958581
958582
958583
958584
958585
958586
980830
982129
986534
CVE-2009-2285
CVE-2009-2347
CVE-2010-2065
CVE-2010-2067
CVE-2010-2233
CVE-2010-4665
CVE-2011-0192
CVE-2011-1167
CVE-2012-1173
CVE-2012-2113
CVE-2012-3401
CVE-2012-4413
CVE-2012-4564
CVE-2013-1960
CVE-2013-1961
CVE-2013-1976
CVE-2013-4231
CVE-2013-4232
CVE-2013-4243
CVE-2013-4244
CVE-2013-6391
CVE-2014-0050
CVE-2014-0204
CVE-2014-3476
CVE-2014-3621
CVE-2014-5252
CVE-2014-5253
CVE-2014-8127
CVE-2014-8128
CVE-2014-8129
CVE-2014-8130
CVE-2014-9116
CVE-2014-9655
CVE-2015-0860
CVE-2015-1547
CVE-2015-3223
CVE-2015-5252
CVE-2015-5296
CVE-2015-5299
CVE-2015-5330
CVE-2015-8467
CVE-2016-5104
CVE-2016-5542
CVE-2016-5554
CVE-2016-5556
CVE-2016-5568
CVE-2016-5573
CVE-2016-5597
CVE-2016-7586
CVE-2016-7589
CVE-2016-7592
CVE-2016-7599
CVE-2016-7623
CVE-2016-7632
CVE-2016-7635
CVE-2016-7639
CVE-2016-7641
CVE-2016-7645
CVE-2016-7652
CVE-2016-7654
CVE-2016-7656
CVE-2017-12150
CVE-2017-12151
CVE-2017-12163
CVE-2017-14919
CVE-2017-15896
CVE-2017-2350
CVE-2017-2354
CVE-2017-2355
CVE-2017-2356
CVE-2017-2362
CVE-2017-2363
CVE-2017-2364
CVE-2017-2365
CVE-2017-2366
CVE-2017-2369
CVE-2017-2371
CVE-2017-2373
CVE-2017-2496
CVE-2017-2510
CVE-2017-2538
CVE-2017-2539
CVE-2017-3735
CVE-2017-3736
CVE-2017-3738
CVE-2017-7018
CVE-2017-7030
CVE-2017-7034
CVE-2017-7037
CVE-2017-7039
CVE-2017-7046
CVE-2017-7048
CVE-2017-7055
CVE-2017-7056
CVE-2017-7061
CVE-2017-7064
CVE-2018-11354
CVE-2018-11355
CVE-2018-11356
CVE-2018-11357
CVE-2018-11358
CVE-2018-11359
CVE-2018-11360
CVE-2018-11361
CVE-2018-11362
CVE-2018-14339
CVE-2018-14340
CVE-2018-14341
CVE-2018-14342
CVE-2018-14343
CVE-2018-14344
CVE-2018-14349
CVE-2018-14350
CVE-2018-14351
CVE-2018-14352
CVE-2018-14353
CVE-2018-14354
CVE-2018-14355
CVE-2018-14356
CVE-2018-14357
CVE-2018-14358
CVE-2018-14359
CVE-2018-14360
CVE-2018-14361
CVE-2018-14362
CVE-2018-14363
CVE-2018-14367
CVE-2018-14368
CVE-2018-14369
CVE-2018-14370
CVE-2018-16056
CVE-2018-16057
CVE-2018-16058
CVE-2018-18386
CVE-2018-3760
CVE-2019-17041
CVE-2019-17042
CVE-2019-9928
SUSE-SU-2015:2305-1
SUSE-SU-2016:3043-1
SUSE-SU-2017:1096-1
SUSE-SU-2017:2726-1
SUSE-SU-2017:2933-1
SUSE-SU-2018:0293-1
SUSE-SU-2018:2084-1
SUSE-SU-2018:2217-1
SUSE-SU-2018:2891-1
SUSE-SU-2019:1508-1
SUSE-SU-2020:0424-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • gdk-pixbuf-loader-rsvg-2.42.3-lp150.1 is installed
  • OR librsvg-2-2-2.42.3-lp150.1 is installed
  • OR rsvg-thumbnailer-2.42.3-lp150.1 is installed
  • OR typelib-1_0-Rsvg-2_0-2.42.3-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • gvim-8.0.1568-lp151.5.3 is installed
  • OR vim-8.0.1568-lp151.5.3 is installed
  • OR vim-data-8.0.1568-lp151.5.3 is installed
  • OR vim-data-common-8.0.1568-lp151.5.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.18.0-2.9 is installed
  • OR libwebkit2gtk-4_0-37-2.18.0-2.9 is installed
  • OR libwebkit2gtk3-lang-2.18.0-2.9 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9 is installed
  • OR typelib-1_0-WebKit2-4_0-2.18.0-2.9 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.18.0-2.9 is installed
  • OR webkit2gtk3-2.18.0-2.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • libtiff5-4.0.4-12 is installed
  • OR libtiff5-32bit-4.0.4-12 is installed
  • OR tiff-4.0.4-12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_99-default-5-2 is installed
  • OR kgraft-patch-3_12_74-60_64_99-xen-5-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_30-5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND libusbmuxd4-1.0.10-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.22.5-2.32 is installed
  • OR libwebkit2gtk-4_0-37-2.22.5-2.32 is installed
  • OR libwebkit2gtk3-lang-2.22.5-2.32 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32 is installed
  • OR typelib-1_0-WebKit2-4_0-2.22.5-2.32 is installed
  • OR typelib-1_0-WebKit2WebExtension-4_0-2.22.5-2.32 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.22.5-2.32 is installed
  • OR webkit2gtk3-2.22.5-2.32 is installed
  • OR webkit2gtk3-devel-2.22.5-2.32 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.171-27.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kernel-default-4.4.121-92.85 is installed
  • OR kernel-default-base-4.4.121-92.85 is installed
  • OR kernel-default-devel-4.4.121-92.85 is installed
  • OR kernel-default-man-4.4.121-92.85 is installed
  • OR kernel-devel-4.4.121-92.85 is installed
  • OR kernel-macros-4.4.121-92.85 is installed
  • OR kernel-source-4.4.121-92.85 is installed
  • OR kernel-syms-4.4.121-92.85 is installed
  • OR kgraft-patch-4_4_121-92_85-default-1-3.5 is installed
  • OR kgraft-patch-SLE12-SP2_Update_23-1-3.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • cron-4.2-58 is installed
  • OR cronie-1.4.11-58 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND ucode-intel-20191112-13.53 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • file-roller-3.20.3-15.3 is installed
  • OR file-roller-lang-3.20.3-15.3 is installed
  • OR nautilus-file-roller-3.20.3-15.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • cups-filters-1.0.58-19.2 is installed
  • OR cups-filters-cups-browsed-1.0.58-19.2 is installed
  • OR cups-filters-foomatic-rip-1.0.58-19.2 is installed
  • OR cups-filters-ghostscript-1.0.58-19.2 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • openstack-keystone-8.0.2~a0~dev8-1 is installed
  • OR python-keystone-8.0.2~a0~dev8-1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • ruby2.1-rubygem-sprockets-2_12-2.12.5-1.3 is installed
  • OR rubygem-sprockets-2_12-2.12.5-1.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • qemu-2.9.1-6.44 is installed
  • OR qemu-block-curl-2.9.1-6.44 is installed
  • OR qemu-block-iscsi-2.9.1-6.44 is installed
  • OR qemu-block-rbd-2.9.1-6.44 is installed
  • OR qemu-block-ssh-2.9.1-6.44 is installed
  • OR qemu-guest-agent-2.9.1-6.44 is installed
  • OR qemu-ipxe-1.0.0+-6.44 is installed
  • OR qemu-kvm-2.9.1-6.44 is installed
  • OR qemu-lang-2.9.1-6.44 is installed
  • OR qemu-seabios-1.10.2-6.44 is installed
  • OR qemu-sgabios-8-6.44 is installed
  • OR qemu-tools-2.9.1-6.44 is installed
  • OR qemu-vgabios-1.10.2-6.44 is installed
  • OR qemu-x86-2.9.1-6.44 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • dbus-1-1.8.22-29.17 is installed
  • OR dbus-1-x11-1.8.22-29.17 is installed
  • OR libdbus-1-3-1.8.22-29.17 is installed
  • OR libdbus-1-3-32bit-1.8.22-29.17 is installed
    • BACK