99886

1038950

https://support.apple.com/HT207921

https://support.apple.com/HT207923

https://support.apple.com/HT207924

This update for webkit2gtk3 fixes the following issues :

Update to version 2.18.5 :

  + Disable SharedArrayBuffers from Web API.

  + Reduce the precision of 'high' resolution time to 1ms.

  + bsc#1075419 - Security fixes: includes improvements to     mitigate the effects of Spectre and Meltdown     (CVE-2017-5753 and CVE-2017-5715).

Update to version 2.18.4 :

  + Make WebDriver implementation more spec compliant.

  + Fix a bug when trying to remove cookies before a web     process is spawned.

  + WebKitWebDriver process no longer links to     libjavascriptcoregtk.

  + Fix several memory leaks in GStreamer media backend.

  + bsc#1073654 - Security fixes: CVE-2017-13866,     CVE-2017-13870, CVE-2017-7156, CVE-2017-13856.

Update to version 2.18.3 :

  + Improve calculation of font metrics to prevent     scrollbars from being shown unnecessarily in some cases.

  + Fix handling of null capabilities in WebDriver     implementation.

  + Security fixes: CVE-2017-13798, CVE-2017-13788,     CVE-2017-13803.

Update to version 2.18.2 :

  + Fix rendering of arabic text.

  + Fix a crash in the web process when decoding GIF images.

  + Fix rendering of wind in Windy.com.

  + Fix several crashes and rendering issues.

Update to version 2.18.1 :

  + Improve performance of GIF animations.

  + Fix garbled display in GMail.

  + Fix rendering of several material design icons when     using the web font.

  + Fix flickering when resizing the window in Wayland.

  + Prevent default kerberos authentication credentials from     being used in ephemeral sessions.

  + Fix a crash when webkit_web_resource_get_data() is     cancelled.

  + Correctly handle touchmove and touchend events in     WebKitWebView.

  + Fix the build with enchant 2.1.1.

  + Fix the build in HPPA and Alpha.

  + Fix several crashes and rendering issues.

  + Security fixes: CVE-2017-7081, CVE-2017-7087,     CVE-2017-7089, CVE-2017-7090, CVE-2017-7091,     CVE-2017-7092, CVE-2017-7093, CVE-2017-7094,     CVE-2017-7095, CVE-2017-7096, CVE-2017-7098,     CVE-2017-7099, CVE-2017-7100, CVE-2017-7102,     CVE-2017-7104, CVE-2017-7107, CVE-2017-7109,     CVE-2017-7111, CVE-2017-7117, CVE-2017-7120,     CVE-2017-7142.

  - Enable gold linker on s390/s390x on SLE15/Tumbleweed.

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5 :

  + Disable SharedArrayBuffers from Web API.

  + Reduce the precision of 'high' resolution time to 1ms.

  + bsc#1075419 - Security fixes: includes improvements to     mitigate the effects of Spectre and Meltdown     (CVE-2017-5753 and CVE-2017-5715). Update to version     2.18.4 :

  + Make WebDriver implementation more spec compliant.

  + Fix a bug when trying to remove cookies before a web     process is spawned.

  + WebKitWebDriver process no longer links to     libjavascriptcoregtk.

  + Fix several memory leaks in GStreamer media backend.

  + bsc#1073654 - Security fixes: CVE-2017-13866,     CVE-2017-13870, CVE-2017-7156, CVE-2017-13856. Update to     version 2.18.3 :

  + Improve calculation of font metrics to prevent     scrollbars from being shown unnecessarily in some cases.

  + Fix handling of null capabilities in WebDriver     implementation.

  + Security fixes: CVE-2017-13798, CVE-2017-13788,     CVE-2017-13803. Update to version 2.18.2 :

  + Fix rendering of arabic text.

  + Fix a crash in the web process when decoding GIF images.

  + Fix rendering of wind in Windy.com.

  + Fix several crashes and rendering issues. Update to     version 2.18.1 :

  + Improve performance of GIF animations.

  + Fix garbled display in GMail.

  + Fix rendering of several material design icons when     using the web font.

  + Fix flickering when resizing the window in Wayland.

  + Prevent default kerberos authentication credentials from     being used in ephemeral sessions.

  + Fix a crash when webkit_web_resource_get_data() is     cancelled.

  + Correctly handle touchmove and touchend events in     WebKitWebView.

  + Fix the build with enchant 2.1.1.

  + Fix the build in HPPA and Alpha.

  + Fix several crashes and rendering issues.

  + Security fixes: CVE-2017-7081, CVE-2017-7087,     CVE-2017-7089, CVE-2017-7090, CVE-2017-7091,     CVE-2017-7092, CVE-2017-7093, CVE-2017-7094,     CVE-2017-7095, CVE-2017-7096, CVE-2017-7098,     CVE-2017-7099, CVE-2017-7100, CVE-2017-7102,     CVE-2017-7104, CVE-2017-7107, CVE-2017-7109,     CVE-2017-7111, CVE-2017-7117, CVE-2017-7120,     CVE-2017-7142.

  - Enable gold linker on s390/s390x on SLE15/Tumbleweed.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Versions of Apple TV earlier than 10.2.2 are affected by multiple vulnerabilities in the following components :

 - CoreText
 - Kernel 
 - syslog
 - WebKit

The version of iOS running on the mobile device is prior to 10.3.3, and is affected by multiple vulnerabilities :

 - A flaw exists in Safari due to inconsistent user interface behavior. An unauthenticated, remote attacker can exploit this, via a malicious website, to spoof the address bar. (CVE-2017-2517)
 - An information disclosure vulnerability exists in the WebKit component due to improper handling of SVG filters. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose sensitive cross-domain information. (CVE-2017-7006)
 - A denial of service vulnerability exists in the EventKitUI component that allows an unauthenticated, remote attacker to exhaust available resources, causing an application to terminate. (CVE-2017-7007)
 - A remote code execution vulnerability exists in the CoreAudio component due to improper validation of user-supplied input when handling movie files. An unauthenticated, remote attacker can exploit this, by convincing a user to play a specially crafted movie file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7008)
 - A memory corruption issue exists in the IOUSBFamily component due to improper validation of user-supplied input. A local attacker can exploit this, via a specially crafted application, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7009)
 - Multiple out-of-bounds read errors exist in the libxml2 component due to improper handling of specially crafted XML documents. An unauthenticated, remote attacker can exploit these to disclose user information. (CVE-2017-7010, CVE-2017-7013)
 - A unspecified flaw exists in the Webkit component that allows an unauthenticated, remote attacker to spoof the address bar via a malicious website. (CVE-2017-7011)
 - Multiple memory corruption issues exist in the Webkit Web Inspector component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via a specially crafted web page, to corrupt memory, resulting in the execution of arbitrary code. (CVE-2017-7012)
 - Multiple memory corruption issues exist in the WebKit component due to improper validation of input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7018, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061)
 - A memory corruption issue exists in the 'WebKit Page Loading' component due to improper validation of input. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7019)
 - Multiple memory corruption issues exist in the kernel due to improper validation of input. A local attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code with system privileges. (CVE-2017-7022, CVE-2017-7024, CVE-2017-7026)
 - Multiple memory corruption issues exist in the kernel due to improper validation of input. A local attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code with kernel privileges. (CVE-2017-7023, CVE-2017-7025, CVE-2017-7027, CVE-2017-7069)
 - Multiple unspecified flaws exist in the kernel due to a failure to properly sanitize input. A local attacker can exploit these issues, via a specially crafted application, to disclose restricted memory. (CVE-2017-7028, CVE-2017-7029)
 - Multiple cross-site scripting (XSS) vulnerabilities exist in the WebKit component in the DOMParser due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit these issue, via a specially crafted URL, to execute arbitrary script code in a user's browser session. (CVE-2017-7038, CVE-2017-7059)
 - A memory corruption issue exists in the libxpc component due to improper validation of input. A local attacker can exploit this issue, via a specifically crafted application, to cause a denial of service condition or the execution of arbitrary code with system privileges. (CVE-2017-7047)
 - An information disclosure vulnerability exists due to the device displaying notifications on the lock screen even when disabled. A local attacker can exploit this to gain potentially sensitive information. (CVE-2017-7058)
 - A denial of service vulnerability exists in Safari printing when handling a specially crafted web page that results in creating an infinite number of print dialogs. An unauthenticated, remote attacker can exploit this to cause a user to believe that the browser has locked up. (CVE-2017-7060)
 - A buffer overflow condition exists in the Contacts component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7062)
 - A denial of service vulnerability exists in the Messages component due to improper handling of memory. An unauthenticated, remote attacker can exploit this to consume excessive resources, resulting in an unexpected application termination. (CVE-2017-7063)
 - An unspecified memory initialization issue exists in Webkit. A local attacker can exploit this, via a specially crafted application, to disclose the contents of restricted memory. (CVE-2017-7064)
 - A buffer overflow condition exists in the libarchive component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted archive file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7068)
 - A memory corruption issue exists in the Telephony component due to improper validation of user-supplied input. A man-in-the-middle attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-8248)
 - A memory corruption issue exists in the Broadcom BCM43xx family Wi-Fi Chips component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-9417)

Versions of Safari prior to 10.1.2 are affected by multiple vulnerabilities :

 - An information disclosure vulnerability exists in the WebKit component due to improper handling of SVG filters. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose sensitive cross-domain information. (CVE-2017-7006)
 - An unspecified flaw exists that allows an unauthenticated, remote attacker to spoof the address bar via a specially crafted website. (CVE-2017-7011)
 - Multiple memory corruption issues exists in the 'WebKit Web Inspector' component due to improper validation of input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7012)
 - Multiple memory corruption issues exist in the WebKit component due to improper validation of input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7018, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061)
 - A memory corruption issue exists in the 'WebKit Page Loading' component due to improper validation of input. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7019)
 - Multiple cross-site scripting (XSS) vulnerabilities exist in the WebKit component in the DOMParser due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit these issue, via a specially crafted URL, to execute arbitrary script code in a user's browser session. (CVE-2017-7038, CVE-2017-7059)
 - A denial of service vulnerability exists in the Safari Printing component. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to create an infinite number of print dialogs. (CVE-2017-7060)
 - An unspecified memory initialization flaw exists in WebKit. A local attacker can exploit this, via a specially crafted application, to disclose restricted memory. (CVE-2017-7064)

The Webkit gtk team reports :

Please reference CVE/URL list for details

The version of Apple iOS running on the mobile device is prior to 10.3.3. It is, therefore, affected by multiple vulnerabilities :

  - A flaw exists in Safari due to inconsistent user     interface behavior. An unauthenticated, remote attacker     can exploit this, via a malicious website, to spoof the     address bar. (CVE-2017-2517)

  - An information disclosure vulnerability exists in the     WebKit component due to improper handling of SVG     filters. An unauthenticated, remote attacker can exploit     this, via a timing side-channel attack, to disclose     sensitive cross-domain information. (CVE-2017-7006)

  - A denial of service vulnerability exists in the     EventKitUI component that allows an unauthenticated,     remote attacker to exhaust available resources, causing     an application to terminate. (CVE-2017-7007)

  - A remote code execution vulnerability exists in the     CoreAudio component due to improper validation of     user-supplied input when handling movie files. An     unauthenticated, remote attacker can exploit this, by     convincing a user to play a specially crafted movie     file, to cause a denial of service condition or the     execution of arbitrary code. (CVE-2017-7008)

  - A memory corruption issue exists in the IOUSBFamily     component due to improper validation of user-supplied     input. A local attacker can exploit this, via a     specially crafted application, to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-7009)

  - Multiple out-of-bounds read errors exist in the libxml2     component due to improper handling of specially crafted     XML documents. An unauthenticated, remote attacker can     exploit these to disclose user information.
    (CVE-2017-7010, CVE-2017-7013)

  - A unspecified flaw exists in the Webkit component that     allows an unauthenticated, remote attacker to spoof the     address bar via a malicious website. (CVE-2017-7011)

  - Multiple memory corruption issues exist in the Webkit     Web Inspector component due to improper validation of     user-supplied input. An unauthenticated, remote attacker     can exploit these, via a specially crafted web page, to     corrupt memory, resulting in the execution of arbitrary     code. (CVE-2017-7012)

  - Multiple memory corruption issues exist in the WebKit     component due to improper validation of input. An     unauthenticated, remote attacker can exploit these     issues, via a specially crafted web page, to execute     arbitrary code. (CVE-2017-7018, CVE-2017-7020,     CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,     CVE-2017-7039, CVE-2017-7040, CVE-2017-7041,     CVE-2017-7042, CVE-2017-7043, CVE-2017-7046,     CVE-2017-7048, CVE-2017-7049, CVE-2017-7052,     CVE-2017-7055, CVE-2017-7056, CVE-2017-7061)

  - A memory corruption issue exists in the 'WebKit Page     Loading' component due to improper validation of input.
    An unauthenticated, remote attacker can exploit this,     via a specially crafted web page, to execute arbitrary     code. (CVE-2017-7019)

  - Multiple memory corruption issues exist in the kernel     due to improper validation of input. A local attacker     can exploit these issues to cause a denial of service     condition or the execution of arbitrary code with system     privileges. (CVE-2017-7022, CVE-2017-7024,     CVE-2017-7026)

  - Multiple memory corruption issues exist in the kernel     due to improper validation of input. A local attacker     can exploit these issues to cause a denial of service     condition or the execution of arbitrary code with kernel     privileges. (CVE-2017-7023, CVE-2017-7025,     CVE-2017-7027, CVE-2017-7069)

  - Multiple unspecified flaws exist in the kernel due to a     failure to properly sanitize input. A local attacker can     exploit these issues, via a specially crafted     application, to disclose restricted memory.
    (CVE-2017-7028, CVE-2017-7029)

  - Multiple cross-site scripting (XSS) vulnerabilities     exist in the WebKit component in the DOMParser due to     improper validation of user-supplied input before     returning it to users. An unauthenticated, remote     attacker can exploit these issue, via a specially     crafted URL, to execute arbitrary script code in a     user's browser session. (CVE-2017-7038, CVE-2017-7059)

  - A memory corruption issue exists in the libxpc component     due to improper validation of input. A local attacker     can exploit this issue, via a specifically crafted     application, to cause a denial of service condition or     the execution of arbitrary code with system privileges.
    (CVE-2017-7047)

  - An information disclosure vulnerability exists due to     the device displaying notifications on the lock screen     even when disabled. A local attacker can exploit this to     gain potentially sensitive information. (CVE-2017-7058)

  - A denial of service vulnerability exists in Safari     printing when handling a specially crafted web page that     results in creating an infinite number of print dialogs.
    An unauthenticated, remote attacker can exploit this     to cause a user to believe that the browser has locked     up. (CVE-2017-7060)

  - A buffer overflow condition exists in the Contacts     component due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this to cause a denial of service condition or the     execution of arbitrary code. (CVE-2017-7062)

  - A denial of service vulnerability exists in the Messages     component due to improper handling of memory. An     unauthenticated, remote attacker can exploit this to     consume excessive resources, resulting in an unexpected     application termination. (CVE-2017-7063)

  - An unspecified memory initialization issue exists in     Webkit. A local attacker can exploit this, via a     specially crafted application, to disclose the contents     of restricted memory. (CVE-2017-7064)

  - A buffer overflow condition exists in the libarchive     component due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this, via a specially crafted archive file, to cause a     denial of service condition or the execution of     arbitrary code. (CVE-2017-7068)

  - A memory corruption issue exists in the Telephony     component due to improper validation of user-supplied     input. A man-in-the-middle attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-8248)

  - A memory corruption issue exists in the Broadcom BCM43xx     family Wi-Fi Chips component that allows an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2017-9417)

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 10.1.2. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the     WebKit component due to improper handling of SVG filters.
    An unauthenticated, remote attacker can exploit this,     via a timing side-channel attack, to disclose sensitive     cross-domain information. (CVE-2017-7006)

  - An unspecified flaw exists that allows an     unauthenticated, remote attacker to spoof the address     bar via a specially crafted website. (CVE-2017-7011)

  - Multiple memory corruption issues exists in the 'WebKit     Web Inspector' component due to improper validation of     input. An unauthenticated, remote attacker can exploit     these issues, via a specially crafted web page, to     execute arbitrary code. (CVE-2017-7012)

  - Multiple memory corruption issues exist in the WebKit     component due to improper validation of input. An     unauthenticated, remote attacker can exploit these     issues, via a specially crafted web page, to execute     arbitrary code. (CVE-2017-7018, CVE-2017-7020,     CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,     CVE-2017-7039, CVE-2017-7040, CVE-2017-7041,     CVE-2017-7042, CVE-2017-7043, CVE-2017-7046,     CVE-2017-7048, CVE-2017-7049, CVE-2017-7052,     CVE-2017-7055, CVE-2017-7056, CVE-2017-7061)

  - A memory corruption issue exists in the 'WebKit Page     Loading' component due to improper validation of input.
    An unauthenticated, remote attacker can exploit this,     via a specially crafted web page, to execute arbitrary     code. (CVE-2017-7019)

  - Multiple cross-site scripting (XSS) vulnerabilities     exist in the WebKit component in the DOMParser due to     improper validation of user-supplied input before     returning it to users. An unauthenticated, remote     attacker can exploit these issue, via a specially     crafted URL, to execute arbitrary script code in a     user's browser session. (CVE-2017-7038, CVE-2017-7059)

  - A denial of service vulnerability exists in the Safari     Printing component. An unauthenticated, remote attacker     can exploit this, via a specially crafted web page, to     create an infinite number of print dialogs.
    (CVE-2017-7060)

  - An unspecified memory initialization flaw exists in     WebKit. A local attacker can exploit this, via a     specially crafted application, to disclose restricted     memory. (CVE-2017-7064)

ID	Name	Product	Family	Severity
106549	openSUSE Security Update : webkit2gtk3 (openSUSE-2018-118) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
106370	SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:0219-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
700169	Apple TV < 10.2.2 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	critical
700167	Apple iOS < 10.3.3 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	critical
700166	Safari < 10.1.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
101966	FreeBSD : webkit2-gtk3 -- multiple vulnerabilities (0f66b901-715c-11e7-ad1f-bcaec565249c)	Nessus	FreeBSD Local Security Checks	high
101953	Apple iOS < 10.3.3 Multiple Vulnerabilities	Nessus	Mobile Devices	critical
101931	macOS : Apple Safari < 10.1.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high

CVE-2017-7059

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

critical

critical

high

high

critical

high