
SUSE: 2020:1135-1 Important: WebKit2gtk3 Denial Of Service

April 29, 2020
A new update for webkit2gtk3 addresses critical security concerns, implementing over 30 patches that rectify various vulnerabilities.
An update that fixes 30 vulnerabilities is now available

Summary

This update for webkit2gtk3 to version 2.28.1 fixes the following issues:

Security issues fixed:

- CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528).
- CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658).
- CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).
- CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).
- CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).
- CVE-2020-3862: Fixed a memory handling issue (bsc#1163809).
- CVE-2020-3867: Fixed an XSS issue (bsc#1163809).
- CVE-2020-3868: Fixed multiple memory corruption issues that could have led to arbitrary code execution (bsc#1163809).

References

#1155321 #1156318 #1159329 #1161719 #1163809 #1165528 #1169658

Cross-References:

CVE-2019-8625 CVE-2019-8710 CVE-2019-8720
CVE-2019-8743 CVE-2019-8764 CVE-2019-8766
CVE-2019-8769 CVE-2019-8771 CVE-2019-8782
CVE-2019-8783 CVE-2019-8808 CVE-2019-8811
CVE-2019-8812 CVE-2019-8813 CVE-2019-8814
CVE-2019-8815 CVE-2019-8816 CVE-2019-8819
CVE-2019-8820 CVE-2019-8823 CVE-2019-8835
CVE-2019-8844 CVE-2019-8846 CVE-2020-10018
CVE-2020-11793 CVE-2020-3862 CVE-2020-3864
CVE-2020-3865 CVE-2020-3867 CVE-2020-3868

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Workstation Extension 12-SP4

SUSE Linux Enterprise Software Development ...


Severity: important

Announcement ID: SUSE-SU-2020:1135-1
Rating: important
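
A host-side check against the fixed version 2.28.1 named in the Summary, added here as an example and not part of the SUSE advisory: it flags installed binary packages built from the webkit2gtk3 source package whose upstream version is older than the fix. It assumes rpm and a sort that supports -V; the function names and the --audit switch are hypothetical.

```shell
#!/bin/sh
# Fixed upstream version, taken from the advisory Summary.
FIXED_VERSION="2.28.1"

# version_ge A B: succeed when version A >= version B.
# sort -V gives natural version ordering, so 2.3.0 sorts before 2.28.1.
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# is_patched VERSION: VERSION may carry an RPM release suffix
# (e.g. "2.28.1-2.53.1"); only the part before the first "-" is compared.
is_patched() {
    version_ge "${1%%-*}" "$FIXED_VERSION"
}

# audit_host: check every installed binary package whose source RPM is
# webkit2gtk3. Returns 0 if all are patched (or none installed), 1 if any
# package is older than FIXED_VERSION, 2 if rpm is unavailable.
audit_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available" >&2; return 2; }
    pkgs=$(rpm -qa --qf '%{NAME} %{VERSION} %{SOURCERPM}\n' \
           | grep ' webkit2gtk3-[0-9]' || true)
    [ -n "$pkgs" ] || { echo "no webkit2gtk3 packages installed"; return 0; }
    rc=0
    while read -r name version _src; do
        if is_patched "$version"; then
            echo "OK      $name $version"
        else
            echo "UPDATE  $name $version (older than $FIXED_VERSION)"
            rc=1
        fi
    done <<EOF
$pkgs
EOF
    return $rc
}

# Run the audit only when asked, so the functions can be sourced and reused.
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

Matching on the source RPM name catches every subpackage built from webkit2gtk3 without hard-coding library package names. The version comparison is meaningful here because this update moves to a new upstream version rather than backporting fixes into an older one.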
