Oval Definition:oval:org.opensuse.security:def:88892
Revision Date:2020-04-29Version:1
Title:Security update for webkit2gtk3 (Important)
Description:

This update for webkit2gtk3 to version 2.28.1 fixes the following issues:

Security issues fixed:

- CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658). - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). - CVE-2020-3867: Fixed an XSS issue (bsc#1163809). - CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809). - CVE-2020-3864,CVE-2020-3865: Fixed logic issues in the DOM object context handling (bsc#1163809).

Non-security issues fixed:

- Add API to enable Process Swap on (Cross-site) Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox support. - Make ondemand hardware acceleration policy never leave accelerated compositing mode. - Always use a light theme for rendering form controls. - Add about:gpu to show information about the graphics stack. - Fixed issues while trying to play a video on NextCloud. - Fixed vertical alignment of text containing arabic diacritics. - Fixed build with icu 65.1. - Fixed page loading errors with websites using HSTS. - Fixed web process crash when displaying a KaTeX formula. - Fixed several crashes and rendering issues. - Switched to a single web process for Evolution and geary (bsc#1159329).
Family:unixClass:patch
Status:Reference(s):1155321
1156318
1159329
1161719
1163809
1165528
1169658
CVE-2019-8625
CVE-2019-8710
CVE-2019-8720
CVE-2019-8743
CVE-2019-8764
CVE-2019-8766
CVE-2019-8769
CVE-2019-8771
CVE-2019-8782
CVE-2019-8783
CVE-2019-8808
CVE-2019-8811
CVE-2019-8812
CVE-2019-8813
CVE-2019-8814
CVE-2019-8815
CVE-2019-8816
CVE-2019-8819
CVE-2019-8820
CVE-2019-8823
CVE-2019-8835
CVE-2019-8844
CVE-2019-8846
CVE-2020-10018
CVE-2020-11793
CVE-2020-3862
CVE-2020-3864
CVE-2020-3865
CVE-2020-3867
CVE-2020-3868
SUSE-SU-2020:1135-1
Platform(s):SUSE Linux Enterprise Server 12 SP4
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.28.1-2.50.3 is installed
  • OR libwebkit2gtk-4_0-37-2.28.1-2.50.3 is installed
  • OR libwebkit2gtk3-lang-2.28.1-2.50.3 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3 is installed
  • OR typelib-1_0-WebKit2-4_0-2.28.1-2.50.3 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3 is installed
    • BACK