openSUSE Security Update : webkit2gtk3 (openSUSE-2019-705)
High Nessus Plugin ID 123306
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for webkit2gtk3 to version 2.20.5 fixes the following issues :
Security issue fixed :
- CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs (bsc#1101999).
- CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.
- CVE-2018-4266: A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation.
- CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation.
- CVE-2018-4278: A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
Other bugs fixed :
- Fix rendering artifacts in some websites due to a bug introduced in 2.20.4.
- Fix a crash when leaving accelerated compositing mode.
This update was imported from the SUSE:SLE-15:Update update project.
SolutionUpdate the affected webkit2gtk3 packages.