Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:2752-1 Final 1 1 2018-09-19T10:58:11Z current 2018-09-19T10:58:11Z 2018-09-19T10:58:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 to version 2.20.5 fixes the following issues: Security issue fixed: - CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs (bsc#1101999). - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2018-4266: A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation. - CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation. - CVE-2018-4278: A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. Other bugs fixed: - Fix rendering artifacts in some web sites due to a bug introduced in 2.20.4. - Fix a crash when leaving accelerated compositing mode. - Fix non-deterministic build failure due to missing JavaScriptCore/JSContextRef.h. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Basesystem-15-2018-1921,SUSE-SLE-Module-Desktop-Applications-15-2018-1921 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ Link for SUSE-SU-2018:2752-1 https://lists.suse.com/pipermail/sle-security-updates/2018-September/004565.html E-Mail link for SUSE-SU-2018:2752-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1101999 SUSE Bug 1101999 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 https://www.suse.com/security/cve/CVE-2018-12911/ SUSE CVE CVE-2018-12911 page https://www.suse.com/security/cve/CVE-2018-4261/ SUSE CVE CVE-2018-4261 page https://www.suse.com/security/cve/CVE-2018-4262/ SUSE CVE CVE-2018-4262 page https://www.suse.com/security/cve/CVE-2018-4263/ SUSE CVE CVE-2018-4263 page https://www.suse.com/security/cve/CVE-2018-4264/ SUSE CVE CVE-2018-4264 page https://www.suse.com/security/cve/CVE-2018-4265/ SUSE CVE CVE-2018-4265 page https://www.suse.com/security/cve/CVE-2018-4266/ SUSE CVE CVE-2018-4266 page https://www.suse.com/security/cve/CVE-2018-4267/ SUSE CVE CVE-2018-4267 page https://www.suse.com/security/cve/CVE-2018-4270/ SUSE CVE CVE-2018-4270 page https://www.suse.com/security/cve/CVE-2018-4271/ SUSE CVE CVE-2018-4271 page https://www.suse.com/security/cve/CVE-2018-4272/ SUSE CVE CVE-2018-4272 page https://www.suse.com/security/cve/CVE-2018-4273/ SUSE CVE CVE-2018-4273 page https://www.suse.com/security/cve/CVE-2018-4278/ SUSE CVE CVE-2018-4278 page https://www.suse.com/security/cve/CVE-2018-4284/ SUSE CVE CVE-2018-4284 page SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Desktop Applications 15 libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 libwebkit2gtk-4_0-37-2.20.5-3.8.1 libwebkit2gtk3-lang-2.20.5-3.8.1 webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 webkit2gtk3-devel-2.20.5-3.8.1 libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 libwebkit2gtk-4_0-37-2.20.5-3.8.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 libwebkit2gtk3-lang-2.20.5-3.8.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 webkit2gtk3-devel-2.20.5-3.8.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. CVE-2018-12911 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-12911.html CVE-2018-12911 https://bugzilla.suse.com/1101999 SUSE Bug 1101999 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4261 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4261.html CVE-2018-4261 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4262 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4262.html CVE-2018-4262 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4263 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4263.html CVE-2018-4263 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4264 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4264.html CVE-2018-4264 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4265 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4265.html CVE-2018-4265 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4266 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4266.html CVE-2018-4266 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4267 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4267.html CVE-2018-4267 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4270 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4270.html CVE-2018-4270 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4271 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4271.html CVE-2018-4271 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4272 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4272.html CVE-2018-4272 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4273 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4273.html CVE-2018-4273 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. CVE-2018-4278 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4278.html CVE-2018-4278 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4284 SUSE Linux Enterprise Module for Basesystem 15:libjavascriptcoregtk-4_0-18-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk-4_0-37-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:libwebkit2gtk3-lang-2.20.5-3.8.1 SUSE Linux Enterprise Module for Basesystem 15:webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1 SUSE Linux Enterprise Module for Desktop Applications 15:webkit2gtk3-devel-2.20.5-3.8.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/ https://www.suse.com/security/cve/CVE-2018-4284.html CVE-2018-4284 https://bugzilla.suse.com/1104169 SUSE Bug 1104169