APPLE-SA-2015-09-16-1

APPLE-SA-2015-09-16-3

APPLE-SA-2015-09-30-2

openSUSE-SU-2016:0761

76763

1033609

https://support.apple.com/HT205212

https://support.apple.com/HT205221

https://support.apple.com/HT205265

This update for webkit2gtk3 fixes the following issues :

  - Update to version 2.10.7 :

  + Fix the build with GTK+ < 3.16.

  - Changes from version 2.10.6 :

  + Fix a deadlock in the Web Process when JavaScript     garbage collector was running for a web worker thread     that made google maps to hang.

  + Fix media controls displaying without controls     attribute.

  + Fix a Web Process crash when quickly attempting many DnD     operations.

  - Changes from version 2.10.5 :

  + Disable DNS prefetch when a proxy is configured.

  + Reduce the maximum simultaneous network connections to     match other browsers.

  + Make WebKitWebView always propagate motion-notify-event     signal.

  + Add a way to force accelerating compositing mode at     runtime using an environment variable.

  + Fix input elements and scrollbars rendering with GTK+     3.19.

  + Fix rendering of lines when using solid colors.

  + Fix UI process crashes related to not having a main     resource response when the load is committed for pages     restored from the history cache.

  + Fix a WebProcess crash when loading large contents with     custom URI schemes API.

  + Fix a crash in the UI process when the WebView is     destroyed while the screensaver DBus proxy is being     created.

  + Fix WebProcess crashes due to BadDrawable X errors in     accelerated compositing mode.

  + Fix crashes on PPC64 due to mprotect() on address not     aligned to the page size.

  + Fix std::bad_function_call exception raised in     dispatchDecidePolicyForNavigationAction.

  + Fix downloads of data URLs.

  + Fix runtime critical warnings when closing a page     containing windowed plugins.

  + Fix several crashes and rendering issues.

  + Translation updates: French, German, Italian, Turkish.

  + Security fixes: CVE-2015-7096, CVE-2015-7098.

  - Update to version 2.10.4, notable changes :

  + New HTTP disk cache for the Network Process.

  + New Web Inspector UI.

  + Automatic ScreenServer inhibition when playing     fullscreen videos.

  + Initial Editor API.

  + Performance improvements.

  - This update addresses the following security issues:
    CVE-2015-1122, CVE-2015-1152, CVE-2015-1155,     CVE-2015-3660, CVE-2015-3730, CVE-2015-3738,     CVE-2015-3740, CVE-2015-3742, CVE-2015-3744,     CVE-2015-3746, CVE-2015-3750, CVE-2015-3751,     CVE-2015-3754, CVE-2015-3755, CVE-2015-5804,     CVE-2015-5805, CVE-2015-5807, CVE-2015-5810,     CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,     CVE-2015-5817, CVE-2015-5818, CVE-2015-5825,     CVE-2015-5827, CVE-2015-5828, CVE-2015-5929,     CVE-2015-5930, CVE-2015-5931, CVE-2015-7002,     CVE-2015-7013, CVE-2015-7014, CVE-2015-7048,     CVE-2015-7095, CVE-2015-7097, CVE-2015-7099,     CVE-2015-7100, CVE-2015-7102, CVE-2015-7103,     CVE-2015-7104

  - Add BuildRequires: hyphen-devel to pick up hyphenation     support. Note this is broken upstream.

  - Build with -DENABLE_DATABASE_PROCESS=OFF and

    -DENABLE_INDEXED_DATABASE=OFF to avoid an issue with GCC     4.8.

The version of Apple iTunes running on the remote host is prior to 12.3. It is, therefore, affected by multiple vulnerabilities in the WebKit, CoreText, and ICU components, and in the bundled version of the Microsoft Visual Studio C++ Redistributable Package. An attacker can exploit these vulnerabilities to cause a denial of service, execute arbitrary code, or gain access to encrypted SMB credentials.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Versions of iTunes earlier than 12.3 are affected by multiple vulnerabilities which include :

 - A flaw exists in Microsoft Foundation Class's handling of library loading due to the use of a fixed path.  An attacker can place a custom version of the file or library in the path, and the program will load it before the legitimate version.  Thus, an attacker can leverage this flaw to execute custom code. (CVE-2010-3190)
 - International Components for Unicode for C/C++ (ICU4C) contains several flaws.  An overflow condition exists in the resolveImplicitLevels() function in 'ubidi.c', which is triggered as user-supplied input is not properly validated. Additionally, an integer truncation flaw exists in the same function in 'ubidi.c'.   Either flaw may allow an attacker to crash an application linked against the library or potentially execute arbitrary code. (CVE-2014-8146, CVE-2014-8147, CVE-2015-5922)
 - A flaw exists in CoreText that is triggered as user-supplied input is not properly validated when handling text and font files. This may allow a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2015-1157, CVE-2015-5874, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-5755, CVE-2015-5761)
 - A flaw exists that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-1152, CVE-2015-1153, CVE-2015-3730, CVE-2015-3731, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5796, CVE-2015-5797, CVE-2015-5798, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5808, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815, CVE-2015-5816, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5821, CVE-2015-5822, CVE-2015-5823)
 - An unspecified flaw exists that is triggered during the handling of network connection redirects. This may allow a remote man-in-the-middle attacker to gain access to hashed SMB credential information. (CVE-2015-5920)

The remote host is running a version of iOS that is prior to version 9.0 and the following components contain vulnerabilities :

 - Apple Pay 
 - AppleKeyStore 
 - Application Store 
 - Audio 
 - Certificate Trust Policy 
 - CFNetwork 
 - CFNetwork Cookies 
 - CFNetwork FTPProtocol 
 - CFNetwork Proxies 
 - CFNetwork SSL 
 - CoreAnimation 
 - CoreCrypto 
 - CoreText 
 - Data Detectors Engine 
 - Dev Tools 
 - Disk Images 
 - dyld 
 - Game Center 
 - ICU 
 - IOAcceleratorFamily 
 - IOHIDFamily 
 - IOKit 
 - IOMobileFrameBuffer 
 - IOStorageFamily 
 - iTunes Store 
 - JavaScriptCore 
 - Kernel 
 - libc 
 - libpthread 
 - Mail 
 - Multipeer Connectivity 
 - NetworkExtension 
 - OpenSSL 
 - PluginKit 
 - removefile 
 - Safari 
 - Safari Safe Browsing 
 - Security 
 - Siri 
 - SpringBoard 
 - SQLite 
 - tidy 
 - WebKit 
 - WebKit Canvas 
 - WebKit Page Loading

The version of Safari installed on the remote host is prior to 9.0. It is, therefore, affected by multiple vulnerabilities in the following components :

 - Safari
 - Safari Downloads
 - Safari Extensions
 - Safari Safe Browsing
 - WebKit
 - WebKit CSS
 - WebKit JavaScript Bindings
 - WebKit Page Loading
 - WebKit Plug-ins

The remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11. It is, therefore, affected by multiple vulnerabilities in the following components :

  - Address Book
  - AirScan
  - apache_mod_php
  - Apple Online Store Kit
  - AppleEvents
  - Audio
  - bash
  - Certificate Trust Policy
  - CFNetwork Cookies
  - CFNetwork FTPProtocol
  - CFNetwork HTTPProtocol
  - CFNetwork Proxies
  - CFNetwork SSL
  - CoreCrypto
  - CoreText
  - Dev Tools
  - Disk Images
  - dyld
  - EFI
  - Finder
  - Game Center
  - Heimdal
  - ICU
  - Install Framework Legacy
  - Intel Graphics Driver
  - IOAudioFamily
  - IOGraphics
  - IOHIDFamily
  - IOStorageFamily
  - Kernel
  - libc
  - libpthread
  - libxpc
  - Login Window
  - lukemftpd
  - Mail
  - Multipeer Connectivity
  - NetworkExtension
  - Notes
  - OpenSSH
  - OpenSSL
  - procmail
  - remote_cmds
  - removefile
  - Ruby
  - Safari
  - Safari Downloads
  - Safari Extensions
  - Safari Safe Browsing
  - Security
  - SMB
  - SQLite
  - Telephony
  - Terminal
  - tidy
  - Time Machine
  - WebKit
  - WebKit CSS
  - WebKit JavaScript Bindings
  - WebKit Page Loading
  - WebKit Plug-ins

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The version of Apple Safari installed on the remote Mac OS X host is prior to 9.0. It is, therefore, affected by multiple vulnerabilities in the following components :

  - Safari
  - Safari Downloads
  - Safari Extensions
  - Safari Safe Browsing
  - WebKit
  - WebKit CSS
  - WebKit JavaScript Bindings
  - WebKit Page Loading
  - WebKit Plug-ins

The version of Apple iTunes installed on the remote Windows host is prior to 12.3. It is, therefore, affected by multiple vulnerabilities in the bundled versions of WebKit, CoreText, the Microsoft Visual Studio C++ Redistributable Package, and ICU.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The mobile device is running a version of iOS prior to version 9.0. It is, therefore, affected by vulnerabilities in the following components :

  - Apple Pay
  - AppleKeyStore
  - Application Store
  - Audio
  - Certificate Trust Policy
  - CFNetwork
  - CFNetwork Cookies
  - CFNetwork FTPProtocol
  - CFNetwork Proxies
  - CFNetwork SSL
  - CommonCrypto 
  - CoreAnimation
  - CoreCrypto
  - CoreText
  - Data Detectors Engine
  - Dev Tools
  - Disk Images
  - dyld
  - Game Center
  - ICU
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - IOMobileFrameBuffer
  - IOStorageFamily
  - iTunes Store
  - JavaScriptCore
  - Kernel
  - libc
  - libpthread
  - Mail
  - Multipeer Connectivity
  - NetworkExtension
  - OpenSSL
  - PluginKit
  - removefile
  - Safari
  - Safari Safe Browsing
  - Security
  - Siri
  - SpringBoard
  - SQLite
  - tidy
  - WebKit
  - WebKit Canvas
  - WebKit Page Loading

ID	Name	Product	Family	Severity
89950	openSUSE Security Update : webkit2gtk3 (openSUSE-2016-340)	Nessus	SuSE Local Security Checks	medium
86601	Apple iTunes < 12.3 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	critical
8958	iTunes for Windows < 12.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
8979	Apple iOS < 9.0 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
8976	Safari < 9.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
86270	Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)	Nessus	MacOS X Local Security Checks	critical
86252	Mac OS X : Apple Safari < 9.0 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
86001	Apple iTunes < 12.3 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
85987	Apple iOS < 9.0 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2015-5813

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins