APPLE-SA-2015-06-30-1

APPLE-SA-2015-06-30-6

APPLE-SA-2015-05-06-1

APPLE-SA-2015-09-16-3

openSUSE-SU-2016:0761

http://support.apple.com/kb/HT204941

74525

1032270

https://support.apple.com/HT204826

https://support.apple.com/HT205221

https://support.apple.com/kb/HT204949

This update for webkit2gtk3 fixes the following issues :

  - Update to version 2.10.7 :

  + Fix the build with GTK+ < 3.16.

  - Changes from version 2.10.6 :

  + Fix a deadlock in the Web Process when JavaScript     garbage collector was running for a web worker thread     that made google maps to hang.

  + Fix media controls displaying without controls     attribute.

  + Fix a Web Process crash when quickly attempting many DnD     operations.

  - Changes from version 2.10.5 :

  + Disable DNS prefetch when a proxy is configured.

  + Reduce the maximum simultaneous network connections to     match other browsers.

  + Make WebKitWebView always propagate motion-notify-event     signal.

  + Add a way to force accelerating compositing mode at     runtime using an environment variable.

  + Fix input elements and scrollbars rendering with GTK+     3.19.

  + Fix rendering of lines when using solid colors.

  + Fix UI process crashes related to not having a main     resource response when the load is committed for pages     restored from the history cache.

  + Fix a WebProcess crash when loading large contents with     custom URI schemes API.

  + Fix a crash in the UI process when the WebView is     destroyed while the screensaver DBus proxy is being     created.

  + Fix WebProcess crashes due to BadDrawable X errors in     accelerated compositing mode.

  + Fix crashes on PPC64 due to mprotect() on address not     aligned to the page size.

  + Fix std::bad_function_call exception raised in     dispatchDecidePolicyForNavigationAction.

  + Fix downloads of data URLs.

  + Fix runtime critical warnings when closing a page     containing windowed plugins.

  + Fix several crashes and rendering issues.

  + Translation updates: French, German, Italian, Turkish.

  + Security fixes: CVE-2015-7096, CVE-2015-7098.

  - Update to version 2.10.4, notable changes :

  + New HTTP disk cache for the Network Process.

  + New Web Inspector UI.

  + Automatic ScreenServer inhibition when playing     fullscreen videos.

  + Initial Editor API.

  + Performance improvements.

  - This update addresses the following security issues:
    CVE-2015-1122, CVE-2015-1152, CVE-2015-1155,     CVE-2015-3660, CVE-2015-3730, CVE-2015-3738,     CVE-2015-3740, CVE-2015-3742, CVE-2015-3744,     CVE-2015-3746, CVE-2015-3750, CVE-2015-3751,     CVE-2015-3754, CVE-2015-3755, CVE-2015-5804,     CVE-2015-5805, CVE-2015-5807, CVE-2015-5810,     CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,     CVE-2015-5817, CVE-2015-5818, CVE-2015-5825,     CVE-2015-5827, CVE-2015-5828, CVE-2015-5929,     CVE-2015-5930, CVE-2015-5931, CVE-2015-7002,     CVE-2015-7013, CVE-2015-7014, CVE-2015-7048,     CVE-2015-7095, CVE-2015-7097, CVE-2015-7099,     CVE-2015-7100, CVE-2015-7102, CVE-2015-7103,     CVE-2015-7104

  - Add BuildRequires: hyphen-devel to pick up hyphenation     support. Note this is broken upstream.

  - Build with -DENABLE_DATABASE_PROCESS=OFF and

    -DENABLE_INDEXED_DATABASE=OFF to avoid an issue with GCC     4.8.

The version of Apple iTunes running on the remote host is prior to 12.3. It is, therefore, affected by multiple vulnerabilities in the WebKit, CoreText, and ICU components, and in the bundled version of the Microsoft Visual Studio C++ Redistributable Package. An attacker can exploit these vulnerabilities to cause a denial of service, execute arbitrary code, or gain access to encrypted SMB credentials.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apple iTunes running on the remote host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities due to memory corruption issues in the WebKit component. An attacker can exploit these to cause a denial of service or execute arbitrary code.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Versions of iTunes earlier than 12.3 are affected by multiple vulnerabilities which include :

 - A flaw exists in Microsoft Foundation Class's handling of library loading due to the use of a fixed path.  An attacker can place a custom version of the file or library in the path, and the program will load it before the legitimate version.  Thus, an attacker can leverage this flaw to execute custom code. (CVE-2010-3190)
 - International Components for Unicode for C/C++ (ICU4C) contains several flaws.  An overflow condition exists in the resolveImplicitLevels() function in 'ubidi.c', which is triggered as user-supplied input is not properly validated. Additionally, an integer truncation flaw exists in the same function in 'ubidi.c'.   Either flaw may allow an attacker to crash an application linked against the library or potentially execute arbitrary code. (CVE-2014-8146, CVE-2014-8147, CVE-2015-5922)
 - A flaw exists in CoreText that is triggered as user-supplied input is not properly validated when handling text and font files. This may allow a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2015-1157, CVE-2015-5874, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-5755, CVE-2015-5761)
 - A flaw exists that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-1152, CVE-2015-1153, CVE-2015-3730, CVE-2015-3731, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5796, CVE-2015-5797, CVE-2015-5798, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5808, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815, CVE-2015-5816, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5821, CVE-2015-5822, CVE-2015-5823)
 - An unspecified flaw exists that is triggered during the handling of network connection redirects. This may allow a remote man-in-the-middle attacker to gain access to hashed SMB credential information. (CVE-2015-5920)

The remote host is running a version of iOS that is prior to version 8.4.0 and the following components contain vulnerabilities :

 - Application Store 
 - Certificate Trust Policy 
 - CFNetwork HTTPAuthentication 
 - CoreGraphics 
 - CoreText 
 - coreTLS 
 - DiskImages 
 - FontParser 
 - ImageIO 
 - Kernel 
 - Mail 
 - MobileInstallation 
 - Safari 
 - Security 
 - SQLite 
 - Telephony 
 - WebKit 
 - WiFi Connectivity

The version of Apple iTunes installed on the remote Windows host is prior to 12.3. It is, therefore, affected by multiple vulnerabilities in the bundled versions of WebKit, CoreText, the Microsoft Visual Studio C++ Redistributable Package, and ICU.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Safari installed on the remote host is prior to 6.2.6 / 7.1.6 / 8.0.6 and is affected by the following vulnerabilities :

 - Multiple memory corruption issues in WebKit due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted web page, to cause a denial of service condition or to execute arbitrary code. (CVE-2015-1152, CVE-2015-1153, and CVE-2015-1154)
 - An information disclosure vulnerability in WebKit History exists due to a state management flaw and improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted web page, to disclose sensitive information from the file system. (CVE-2015-1155)
 - A flaw exists in WebKit Page Loading due to improper handling of rel attributes in anchor elements that allows target objects to get unauthorized access to link objects. A remote attacker can exploit this, via a specially crafted web page, to spoof the user interface. (CVE-2015-1156)

The version of Apple iTunes installed on the remote Windows host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of WebKit, including denial of service and arbitrary code execution vulnerabilities.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The mobile device is running a version of iOS prior to version 8.4. It is, therefore, affected by vulnerabilities in the following components :

  - Application Store
  - Certificate Trust Policy
  - CFNetwork HTTPAuthentication
  - CoreGraphics
  - CoreText
  - coreTLS
  - DiskImages
  - FontParser
  - ImageIO
  - Kernel
  - Mail
  - MobileInstallation
  - Safari
  - Security
  - SQLite
  - Telephony
  - WebKit
  - WiFi Connectivity

The version of Apple Safari installed on the remote Mac OS X host is prior to 6.2.6 / 7.1.6 / 8.0.6. It is, therefore, affected by the following vulnerabilities :

  - Multiple memory corruption issues in WebKit due to     improper validation of user-supplied input. A remote     attacker can exploit this, via a specially crafted     web page, to cause a denial of service condition or to     execute arbitrary code. (CVE-2015-1152, CVE-2015-1153,     and CVE-2015-1154)

  - An information disclosure vulnerability in WebKit     History exists due to a state management flaw and     improper validation of user-supplied input. A remote     attacker can exploit this, via a specially crafted web     page, to disclose sensitive information from the file     system. (CVE-2015-1155)     
  - A flaw exists in WebKit Page Loading due to improper     handling of rel attributes in anchor elements that     allows target objects to get unauthorized access to link     objects. A remote attacker can exploit this, via a     specially crafted web page, to spoof the user interface.
    (CVE-2015-1156)

ID	Name	Product	Family	Severity
89950	openSUSE Security Update : webkit2gtk3 (openSUSE-2016-340)	Nessus	SuSE Local Security Checks	medium
86601	Apple iTunes < 12.3 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
86600	Apple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
8958	iTunes for Windows < 12.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
8977	Apple iOS < 8.4 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
86001	Apple iTunes < 12.3 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
8870	Safari < 6.2.6 / 7.1.6 / 8.0.6 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
84504	Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
84490	Apple iOS < 8.4 Multiple Vulnerabilities (Logjam)	Nessus	Mobile Devices	high
83291	Mac OS X : Apple Safari < 6.2.6 / 7.1.6 / 8.0.6 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium

CVE-2015-1152

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins