Oval Definition:	oval:org.opensuse.security:def:56565
Revision Date: 2020-12-01 Version: 1 Title: Security update for webkit2gtk3 (Important) Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5: + Disable SharedArrayBuffers from Web API. + Reduce the precision of 'high' resolution time to 1ms. + bsc#1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown (CVE-2017-5753 and CVE-2017-5715). Update to version 2.18.4: + Make WebDriver implementation more spec compliant. + Fix a bug when trying to remove cookies before a web process is spawned. + WebKitWebDriver process no longer links to libjavascriptcoregtk. + Fix several memory leaks in GStreamer media backend. + bsc#1073654 - Security fixes: CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-13856. Update to version 2.18.3: + Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. + Fix handling of null capabilities in WebDriver implementation. + Security fixes: CVE-2017-13798, CVE-2017-13788, CVE-2017-13803. Update to version 2.18.2: + Fix rendering of arabic text. + Fix a crash in the web process when decoding GIF images. + Fix rendering of wind in Windy.com. + Fix several crashes and rendering issues. Update to version 2.18.1: + Improve performance of GIF animations. + Fix garbled display in GMail. + Fix rendering of several material design icons when using the web font. + Fix flickering when resizing the window in Wayland. + Prevent default kerberos authentication credentials from being used in ephemeral sessions. + Fix a crash when webkit_web_resource_get_data() is cancelled. + Correctly handle touchmove and touchend events in WebKitWebView. + Fix the build with enchant 2.1.1. + Fix the build in HPPA and Alpha. + Fix several crashes and rendering issues. + Security fixes: CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142. - Enable gold linker on s390/s390x on SLE15/Tumbleweed. Family: unix Class: patch Status: Reference(s): 1013882 1014136 1020950 1024749 1026236 1027519 1027593 1031460 1034845 1036470 1037243 1042160 1042863 1042882 1042893 1042915 1042923 1042924 1042931 1042938 1043074 1043297 1043353 1043354 1047908 1050037 1050072 1050098 1050100 1050469 1050635 1051442 1052470 1052708 1052717 1052721 1052768 1052777 1052781 1054600 1055068 1055374 1055455 1055456 1057000 1060162 1060427 1062752 1063008 1064113 1064114 1066892 1069925 1072167 1072362 1072901 1073654 1074120 1074125 1074185 1074309 1075419 1075939 1076021 1076051 1097108 1099306 1101676 1101677 1101678 1103342 1106119 1112368 1112377 1112384 1112386 1112391 1112397 1112404 1112415 1112417 1112421 1112432 1112767 1114828 1116600 1116686 1118754 1120041 1122198 1122475 1127027 1131060 1131291 1153108 1156334 918089 918090 947494 952347 955753 966891 977012 978993 982331 983164 987176 988361 994399 CVE-2008-1686 CVE-2009-2625 CVE-2009-3560 CVE-2009-3720 CVE-2010-2074 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 CVE-2012-4929 CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-1283 CVE-2015-1606 CVE-2015-1607 CVE-2015-6749 CVE-2016-0718 CVE-2016-4049 CVE-2016-4692 CVE-2016-4743 CVE-2016-5011 CVE-2016-7586 CVE-2016-7587 CVE-2016-7589 CVE-2016-7592 CVE-2016-7598 CVE-2016-7599 CVE-2016-7610 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2016-9843 CVE-2017-10320 CVE-2017-10365 CVE-2017-10911 CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 CVE-2017-10916 CVE-2017-10917 CVE-2017-10918 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 CVE-2017-10995 CVE-2017-11505 CVE-2017-11525 CVE-2017-11526 CVE-2017-11539 CVE-2017-11639 CVE-2017-11750 CVE-2017-12565 CVE-2017-12640 CVE-2017-12641 CVE-2017-12643 CVE-2017-12671 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13059 CVE-2017-13141 CVE-2017-13142 CVE-2017-13147 CVE-2017-13788 CVE-2017-13798 CVE-2017-13803 CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-14103 CVE-2017-14649 CVE-2017-14746 CVE-2017-15218 CVE-2017-15275 CVE-2017-15365 CVE-2017-17504 CVE-2017-17681 CVE-2017-17879 CVE-2017-17884 CVE-2017-17914 CVE-2017-18008 CVE-2017-18027 CVE-2017-18029 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2539 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7006 CVE-2017-7011 CVE-2017-7012 CVE-2017-7018 CVE-2017-7019 CVE-2017-7020 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7038 CVE-2017-7039 CVE-2017-7040 CVE-2017-7041 CVE-2017-7042 CVE-2017-7043 CVE-2017-7046 CVE-2017-7048 CVE-2017-7049 CVE-2017-7052 CVE-2017-7055 CVE-2017-7056 CVE-2017-7059 CVE-2017-7061 CVE-2017-7064 CVE-2017-7081 CVE-2017-7087 CVE-2017-7089 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7094 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7099 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-7120 CVE-2017-7142 CVE-2017-7156 CVE-2017-7157 CVE-2017-8112 CVE-2017-8309 CVE-2017-8905 CVE-2017-9261 CVE-2017-9262 CVE-2017-9330 CVE-2017-9374 CVE-2017-9503 CVE-2018-10853 CVE-2018-16471 CVE-2018-2759 CVE-2018-2777 CVE-2018-2786 CVE-2018-2810 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 CVE-2018-3646 CVE-2018-5246 CVE-2018-5685 CVE-2019-10220 CVE-2019-15917 CVE-2019-3880 SUSE-SU-2015:2171-2 SUSE-SU-2016:1482-1 SUSE-SU-2016:2764-1 SUSE-SU-2017:1812-1 SUSE-SU-2017:3086-1 SUSE-SU-2018:0219-1 SUSE-SU-2018:0349-1 SUSE-SU-2018:2368-1 SUSE-SU-2019:1136-1 SUSE-SU-2019:1195-1 SUSE-SU-2019:1440-1 SUSE-SU-2019:1441-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND libcacard0-2.5.3-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information update-test-32bit-pkg-5.1-lp151.12 is installed OR update-test-affects-package-manager-5.1-lp151.12 is installed OR update-test-broken-5.1-lp151.12 is installed OR update-test-feature-5.1-lp151.12 is installed OR update-test-interactive-5.1-lp151.12 is installed OR update-test-optional-5.1-lp151.12 is installed OR update-test-reboot-needed-5.1-lp151.12 is installed OR update-test-relogin-suggested-5.1-lp151.12 is installed OR update-test-security-5.1-lp151.12 is installed OR update-test-trivial-5.1-lp151.12 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information libjavascriptcoregtk-4_0-18-2.18.5-2.18 is installed OR libwebkit2gtk-4_0-37-2.18.5-2.18 is installed OR libwebkit2gtk3-lang-2.18.5-2.18 is installed OR typelib-1_0-JavaScriptCore-4_0-2.18.5-2.18 is installed OR typelib-1_0-WebKit2-4_0-2.18.5-2.18 is installed OR webkit2gtk-4_0-injected-bundles-2.18.5-2.18 is installed OR webkit2gtk3-2.18.5-2.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information vorbis-tools-1.4.0-26 is installed OR vorbis-tools-lang-1.4.0-26 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_85-default-6-2 is installed OR kgraft-patch-3_12_74-60_64_85-xen-6-2 is installed OR kgraft-patch-SLE12-SP1_Update_26-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information expat-2.1.0-17 is installed OR libexpat1-2.1.0-17 is installed OR libexpat1-32bit-2.1.0-17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information xen-4.7.5_04-43.33 is installed OR xen-doc-html-4.7.5_04-43.33 is installed OR xen-libs-4.7.5_04-43.33 is installed OR xen-libs-32bit-4.7.5_04-43.33 is installed OR xen-tools-4.7.5_04-43.33 is installed OR xen-tools-domU-4.7.5_04-43.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.15-30.33 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.15-30.33 is installed OR java-1_8_0-ibm-devel-1.8.0_sr5.15-30.33 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.15-30.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_121-92_92-default-4-2 is installed OR kgraft-patch-SLE12-SP2_Update_24-4-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libXfixes3-5.0.1-7 is installed OR libXfixes3-32bit-5.0.1-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information MozillaFirefox-60.9.0-109.86 is installed OR MozillaFirefox-translations-common-60.9.0-109.86 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_180-94_100-default-2-2 is installed OR kgraft-patch-SLE12-SP3_Update_27-2-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND ipmitool-1.8.18-5.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information at-3.1.14-8.6 is installed OR flex-2.5.37-8 is installed OR flex-32bit-2.5.37-8 is installed OR libQtWebKit4-4.8.7+2.3.4-4.7 is installed OR libQtWebKit4-32bit-4.8.7+2.3.4-4.7 is installed OR libbonobo-2.32.1-16 is installed OR libbonobo-32bit-2.32.1-16 is installed OR libbonobo-doc-2.32.1-16 is installed OR libbonobo-lang-2.32.1-16 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information xen-4.5.5_12-22.18 is installed OR xen-doc-html-4.5.5_12-22.18 is installed OR xen-kmp-default-4.5.5_12_k3.12.74_60.64.45-22.18 is installed OR xen-libs-4.5.5_12-22.18 is installed OR xen-libs-32bit-4.5.5_12-22.18 is installed OR xen-tools-4.5.5_12-22.18 is installed OR xen-tools-domU-4.5.5_12-22.18 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information libopenssl-devel-1.0.2j-60.52 is installed OR libopenssl1_0_0-1.0.2j-60.52 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.52 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.52 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.52 is installed OR openssl-1.0.2j-60.52 is installed OR openssl-doc-1.0.2j-60.52 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information perl-Mail-SpamAssassin-3.4.2-44.8 is installed OR spamassassin-3.4.2-44.8 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND slf4j-1.7.12-3.3 is installed
BACK