Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0108-1 Final 1 1 2019-01-31T15:06:42Z current 2019-01-31T15:06:42Z 2019-01-31T15:06:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00050.html E-Mail link for openSUSE-SU-2019:0108-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libjavascriptcoregtk-4_0-18-2.22.5-18.1 libjavascriptcoregtk-4_0-18-32bit-2.22.5-18.1 libwebkit2gtk-4_0-37-2.22.5-18.1 libwebkit2gtk-4_0-37-32bit-2.22.5-18.1 libwebkit2gtk3-lang-2.22.5-18.1 typelib-1_0-JavaScriptCore-4_0-2.22.5-18.1 typelib-1_0-WebKit2-4_0-2.22.5-18.1 typelib-1_0-WebKit2WebExtension-4_0-2.22.5-18.1 webkit-jsc-4-2.22.5-18.1 webkit2gtk-4_0-injected-bundles-2.22.5-18.1 webkit2gtk3-2.22.5-18.1 webkit2gtk3-devel-2.22.5-18.1 webkit2gtk3-minibrowser-2.22.5-18.1 webkit2gtk3-plugin-process-gtk2-2.22.5-18.1 libjavascriptcoregtk-4_0-18-2.22.5-18.1 as a component of openSUSE Leap 42.3 libjavascriptcoregtk-4_0-18-32bit-2.22.5-18.1 as a component of openSUSE Leap 42.3 libwebkit2gtk-4_0-37-2.22.5-18.1 as a component of openSUSE Leap 42.3 libwebkit2gtk-4_0-37-32bit-2.22.5-18.1 as a component of openSUSE Leap 42.3 libwebkit2gtk3-lang-2.22.5-18.1 as a component of openSUSE Leap 42.3 typelib-1_0-JavaScriptCore-4_0-2.22.5-18.1 as a component of openSUSE Leap 42.3 typelib-1_0-WebKit2-4_0-2.22.5-18.1 as a component of openSUSE Leap 42.3 typelib-1_0-WebKit2WebExtension-4_0-2.22.5-18.1 as a component of openSUSE Leap 42.3 webkit-jsc-4-2.22.5-18.1 as a component of openSUSE Leap 42.3 webkit2gtk-4_0-injected-bundles-2.22.5-18.1 as a component of openSUSE Leap 42.3 webkit2gtk3-2.22.5-18.1 as a component of openSUSE Leap 42.3 webkit2gtk3-devel-2.22.5-18.1 as a component of openSUSE Leap 42.3 webkit2gtk3-minibrowser-2.22.5-18.1 as a component of openSUSE Leap 42.3 webkit2gtk3-plugin-process-gtk2-2.22.5-18.1 as a component of openSUSE Leap 42.3 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. CVE-2018-4437 openSUSE Leap 42.3:libjavascriptcoregtk-4_0-18-2.22.5-18.1 openSUSE Leap 42.3:libjavascriptcoregtk-4_0-18-32bit-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk-4_0-37-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk-4_0-37-32bit-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk3-lang-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-JavaScriptCore-4_0-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-WebKit2-4_0-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-WebKit2WebExtension-4_0-2.22.5-18.1 openSUSE Leap 42.3:webkit-jsc-4-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk-4_0-injected-bundles-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-devel-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-minibrowser-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-plugin-process-gtk2-2.22.5-18.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00050.html https://www.suse.com/security/cve/CVE-2018-4437.html CVE-2018-4437 https://bugzilla.suse.com/1119553 SUSE Bug 1119553 A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. CVE-2018-4438 openSUSE Leap 42.3:libjavascriptcoregtk-4_0-18-2.22.5-18.1 openSUSE Leap 42.3:libjavascriptcoregtk-4_0-18-32bit-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk-4_0-37-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk-4_0-37-32bit-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk3-lang-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-JavaScriptCore-4_0-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-WebKit2-4_0-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-WebKit2WebExtension-4_0-2.22.5-18.1 openSUSE Leap 42.3:webkit-jsc-4-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk-4_0-injected-bundles-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-devel-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-minibrowser-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-plugin-process-gtk2-2.22.5-18.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00050.html https://www.suse.com/security/cve/CVE-2018-4438.html CVE-2018-4438 https://bugzilla.suse.com/1119554 SUSE Bug 1119554 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. CVE-2018-4441 openSUSE Leap 42.3:libjavascriptcoregtk-4_0-18-2.22.5-18.1 openSUSE Leap 42.3:libjavascriptcoregtk-4_0-18-32bit-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk-4_0-37-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk-4_0-37-32bit-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk3-lang-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-JavaScriptCore-4_0-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-WebKit2-4_0-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-WebKit2WebExtension-4_0-2.22.5-18.1 openSUSE Leap 42.3:webkit-jsc-4-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk-4_0-injected-bundles-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-devel-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-minibrowser-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-plugin-process-gtk2-2.22.5-18.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00050.html https://www.suse.com/security/cve/CVE-2018-4441.html CVE-2018-4441 https://bugzilla.suse.com/1119555 SUSE Bug 1119555 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. CVE-2018-4442 openSUSE Leap 42.3:libjavascriptcoregtk-4_0-18-2.22.5-18.1 openSUSE Leap 42.3:libjavascriptcoregtk-4_0-18-32bit-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk-4_0-37-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk-4_0-37-32bit-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk3-lang-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-JavaScriptCore-4_0-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-WebKit2-4_0-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-WebKit2WebExtension-4_0-2.22.5-18.1 openSUSE Leap 42.3:webkit-jsc-4-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk-4_0-injected-bundles-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-devel-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-minibrowser-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-plugin-process-gtk2-2.22.5-18.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00050.html https://www.suse.com/security/cve/CVE-2018-4442.html CVE-2018-4442 https://bugzilla.suse.com/1119556 SUSE Bug 1119556 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. CVE-2018-4443 openSUSE Leap 42.3:libjavascriptcoregtk-4_0-18-2.22.5-18.1 openSUSE Leap 42.3:libjavascriptcoregtk-4_0-18-32bit-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk-4_0-37-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk-4_0-37-32bit-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk3-lang-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-JavaScriptCore-4_0-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-WebKit2-4_0-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-WebKit2WebExtension-4_0-2.22.5-18.1 openSUSE Leap 42.3:webkit-jsc-4-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk-4_0-injected-bundles-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-devel-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-minibrowser-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-plugin-process-gtk2-2.22.5-18.1 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00050.html https://www.suse.com/security/cve/CVE-2018-4443.html CVE-2018-4443 https://bugzilla.suse.com/1119557 SUSE Bug 1119557 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. CVE-2018-4464 openSUSE Leap 42.3:libjavascriptcoregtk-4_0-18-2.22.5-18.1 openSUSE Leap 42.3:libjavascriptcoregtk-4_0-18-32bit-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk-4_0-37-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk-4_0-37-32bit-2.22.5-18.1 openSUSE Leap 42.3:libwebkit2gtk3-lang-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-JavaScriptCore-4_0-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-WebKit2-4_0-2.22.5-18.1 openSUSE Leap 42.3:typelib-1_0-WebKit2WebExtension-4_0-2.22.5-18.1 openSUSE Leap 42.3:webkit-jsc-4-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk-4_0-injected-bundles-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-devel-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-minibrowser-2.22.5-18.1 openSUSE Leap 42.3:webkit2gtk3-plugin-process-gtk2-2.22.5-18.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00050.html https://www.suse.com/security/cve/CVE-2018-4464.html CVE-2018-4464 https://bugzilla.suse.com/1119553 SUSE Bug 1119553 https://bugzilla.suse.com/1119558 SUSE Bug 1119558