Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

openSUSE: 2019:2587-1 Important: webkit2gtk3 Cross Site Scripting Risk

opensuse
Calendar Grey November 30, 2019
Dist Opensuse Esm H88
The latest update for webkit2gtk3 aimed at openSUSE addresses 42 significant vulnerabilities, notably resolving memory corruption concerns.
An update that fixes 42 vulnerabilities is now available.

Description

This update for webkit2gtk3 to version 2.26.2 fixes the following issues:

Webkit2gtk3 was updated to version 2.26.2 (WSA-2019-0005 and

WSA-2019-0006, bsc#1155321 bsc#1156318)

Security issues addressed:

- CVE-2019-8625: Fixed a logic issue where by processing maliciously

crafted web content may lead to universal cross site scripting.

- CVE-2019-8674: Fixed a logic issue where by processing maliciously

crafted web content may lead to universal cross site scripting.

- CVE-2019-8707: Fixed multiple memory corruption issues where by

processing maliciously crafted web content may lead to arbitrary code

execution.

- CVE-2019-8719: Fixed a logic issue where by processing maliciously

crafted web content may lead to universal cross site scripting.

- CVE-2019-8720: Fixed multiple memory corruption issues where by

processing maliciously crafted web content may lead to arbitrary code

execution.

- CVE-2019-8726: Fixed multiple...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2587=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

libjavascriptcoregtk-4_0-18-2.26.2-lp150.2.28.1

libjavascriptcoregtk-4_0-18-debuginfo-2.26.2-lp150.2.28.1

libwebkit2gtk-4_0-37-2.26.2-lp150.2.28.1

libwebkit2gtk-4_0-37-debuginfo-2.26.2-lp150.2.28.1

typelib-1_0-JavaScriptCore-4_0-2.26.2-lp150.2.28.1

typelib-1_0-WebKit2-4_0-2.26.2-lp150.2.28.1

typelib-1_0-WebKit2WebExtension-4_0-2.26.2-lp150.2.28.1

webkit-jsc-4-2.26.2-lp150.2.28.1

webkit-jsc-4-debuginfo-2.26.2-lp150.2.28.1

webkit2gtk-4_0-injected-bundles-2.26.2-lp150.2.28.1

webkit2gtk-4_0-injected-bundles-debuginfo-2.26.2-lp150.2.28.1

webkit2gtk3-debugsource-2.26.2-lp150.2.28.1

webkit2gtk3-devel-2.26.2-lp150.2.28.1

webkit2gtk3-minibrowser-2.26.2-lp150.2.28.1

webkit2gtk3-minibrowser-debuginfo-2.26.2-lp150.2.28.1

- openSUSE Leap 15.0 (noarch):

libwebkit2gtk3-lang-2.26.2-lp150.2.28.1

- openSUSE Leap 15.0 (x86_64):

libjavascriptcoregtk-4_0-18-32bit-2.26.2-lp150.2.28.1

libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.26.2-lp150.2.28.1

libwebkit2gtk-4_0-37-32bit-2.26.2-lp150.2.28.1...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2019-8551.html

https://www.suse.com/security/cve/CVE-2019-8558.html

https://www.suse.com/security/cve/CVE-2019-8559.html

https://www.suse.com/security/cve/CVE-2019-8563.html

https://www.suse.com/security/cve/CVE-2019-8625.html

https://www.suse.com/security/cve/CVE-2019-8674.html

https://www.suse.com/security/cve/CVE-2019-8681.html

https://www.suse.com/security/cve/CVE-2019-8684.html

https://www.suse.com/security/cve/CVE-2019-8686.html

https://www.suse.com/security/cve/CVE-2019-8687.html

https://www.suse.com/security/cve/CVE-2019-8688.html

https://www.suse.com/security/cve/CVE-2019-8689.html

https://www.suse.com/security/cve/CVE-2019-8690.html

https://www.suse.com/security/cve/CVE-2019-8707.html

https://www.suse.com/security/cve/CVE-2019-8710.html

https://www.suse.com/security/cve/CVE-2019-8719.html

https://www.suse.com/security/cve/CVE-2019-8720.html

https://www.suse.com/security/cve/CVE-2019-8726.html

https://www.suse.com/security/cve/CVE-2019-8733.html

https://www....

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:2587-1
Rating: important
Affected Products: openSUSE Leap 15.0

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.