Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0602-1 Final 1 1 2020-05-02T12:18:41Z current 2020-05-02T12:18:41Z 2020-05-02T12:18:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 to version 2.28.1 fixes the following issues: Security issues fixed: - CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658). Non-security issues fixed: - Add API to enable Process Swap on (Cross-site) Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox support. - Make ondemand hardware acceleration policy never leave accelerated compositing mode. - Always use a light theme for rendering form controls. - Add about:gpu to show information about the graphics stack. This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-602 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J5KUWZQAYRQ7HDH4NCHGTTCT2XK6U6RX/ E-Mail link for openSUSE-SU-2020:0602-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1165528 SUSE Bug 1165528 https://bugzilla.suse.com/1169658 SUSE Bug 1169658 https://www.suse.com/security/cve/CVE-2020-10018/ SUSE CVE CVE-2020-10018 page https://www.suse.com/security/cve/CVE-2020-11793/ SUSE CVE CVE-2020-11793 page openSUSE Leap 15.1 libjavascriptcoregtk-4_0-18-2.28.1-lp151.2.15.2 libjavascriptcoregtk-4_0-18-32bit-2.28.1-lp151.2.15.2 libwebkit2gtk-4_0-37-2.28.1-lp151.2.15.2 libwebkit2gtk-4_0-37-32bit-2.28.1-lp151.2.15.2 libwebkit2gtk3-lang-2.28.1-lp151.2.15.2 typelib-1_0-JavaScriptCore-4_0-2.28.1-lp151.2.15.2 typelib-1_0-WebKit2-4_0-2.28.1-lp151.2.15.2 typelib-1_0-WebKit2WebExtension-4_0-2.28.1-lp151.2.15.2 webkit-jsc-4-2.28.1-lp151.2.15.2 webkit2gtk-4_0-injected-bundles-2.28.1-lp151.2.15.2 webkit2gtk3-devel-2.28.1-lp151.2.15.2 webkit2gtk3-minibrowser-2.28.1-lp151.2.15.2 libjavascriptcoregtk-4_0-18-2.28.1-lp151.2.15.2 as a component of openSUSE Leap 15.1 libjavascriptcoregtk-4_0-18-32bit-2.28.1-lp151.2.15.2 as a component of openSUSE Leap 15.1 libwebkit2gtk-4_0-37-2.28.1-lp151.2.15.2 as a component of openSUSE Leap 15.1 libwebkit2gtk-4_0-37-32bit-2.28.1-lp151.2.15.2 as a component of openSUSE Leap 15.1 libwebkit2gtk3-lang-2.28.1-lp151.2.15.2 as a component of openSUSE Leap 15.1 typelib-1_0-JavaScriptCore-4_0-2.28.1-lp151.2.15.2 as a component of openSUSE Leap 15.1 typelib-1_0-WebKit2-4_0-2.28.1-lp151.2.15.2 as a component of openSUSE Leap 15.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.1-lp151.2.15.2 as a component of openSUSE Leap 15.1 webkit-jsc-4-2.28.1-lp151.2.15.2 as a component of openSUSE Leap 15.1 webkit2gtk-4_0-injected-bundles-2.28.1-lp151.2.15.2 as a component of openSUSE Leap 15.1 webkit2gtk3-devel-2.28.1-lp151.2.15.2 as a component of openSUSE Leap 15.1 webkit2gtk3-minibrowser-2.28.1-lp151.2.15.2 as a component of openSUSE Leap 15.1 WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. CVE-2020-10018 openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:webkit-jsc-4-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:webkit2gtk3-devel-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.1-lp151.2.15.2 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J5KUWZQAYRQ7HDH4NCHGTTCT2XK6U6RX/ https://www.suse.com/security/cve/CVE-2020-10018.html CVE-2020-10018 https://bugzilla.suse.com/1165528 SUSE Bug 1165528 A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). CVE-2020-11793 openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:libjavascriptcoregtk-4_0-18-32bit-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:libwebkit2gtk-4_0-37-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:libwebkit2gtk-4_0-37-32bit-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:libwebkit2gtk3-lang-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:typelib-1_0-JavaScriptCore-4_0-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:typelib-1_0-WebKit2-4_0-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:typelib-1_0-WebKit2WebExtension-4_0-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:webkit-jsc-4-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:webkit2gtk-4_0-injected-bundles-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:webkit2gtk3-devel-2.28.1-lp151.2.15.2 openSUSE Leap 15.1:webkit2gtk3-minibrowser-2.28.1-lp151.2.15.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J5KUWZQAYRQ7HDH4NCHGTTCT2XK6U6RX/ https://www.suse.com/security/cve/CVE-2020-11793.html CVE-2020-11793 https://bugzilla.suse.com/1169658 SUSE Bug 1169658