Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2020:0468-1 Important: WebKit2GTK3 Memory Corruption Fix

suse
Calendar Grey February 25, 2020
Dist Suse Esm H88
SUSE releases critical patch for webkit2gtk3 addressing 8 security flaws, which encompass memory leaks and cross-site scripting vulnerabilities.
An update that fixes 8 vulnerabilities is now available

Summary

This update for webkit2gtk3 to version 2.26.4 fixes the following issues: Security issues fixed: - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). - CVE-2020-3864: Fixed a logic issue in the DOM object context handling (bsc#1163809). - CVE-2020-3865: Fixed a logic issue in the DOM object context handling (bsc#1163809). - CVE-2020-3867: Fixed an XSS issue (bsc#1163809). - CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809). Non-security issues fixed: - Fixed issues while trying to play a video on NextCloud.

Topics%20covered

Topics Covered

security advisory software update memory corruption important SUSE XSS issue webkit2gtk3

References

#1159329 #1161719 #1163809

Cross- CVE-2019-8835 CVE-2019-8844 CVE-2019-8846

CVE-2020-3862 CVE-2020-3864 CVE-2020-3865

CVE-2020-3867 CVE-2020-3868

Affected Products:

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Desktop Applications 15-SP1

SUSE Linux Enterprise Module for Desktop Applications 15

SUSE Linux Enterprise Module for Basesystem 15-SP1

SUSE Linux Enterprise Module for Basesystem 15

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

https://www.suse.com/security/cve/CV...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:0468-1
Rating: important

Topics%20covered

Topics Covered

security advisory software update memory corruption important SUSE XSS issue webkit2gtk3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here