Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.851975 |
Kategorie: | SuSE Local Security Checks |
Titel: | openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:2285-1) |
Zusammenfassung: | The remote host is missing an update for the 'webkit2gtk3'; package(s) announced via the openSUSE-SU-2018:2285-1 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'webkit2gtk3' package(s) announced via the openSUSE-SU-2018:2285-1 advisory. Vulnerability Insight: This update for webkit2gtk3 to version 2.20.3 fixes the following issues: These security issues were fixed: - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693). - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site (bsc#1097693) - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free (bsc#1097693) - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted web site (bsc#1097693) - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1097693) - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandle an unset pageURL, leading to an application crash (bsc#1095611). These non-security issues were fixed: - Disable Gigacage if mmap fails to allocate in Linux. - Add user agent quirk for paypal website. - Fix a network process crash when trying to get cookies of about:blank page. - Fix UI process crash when closing the window under Wayland. - Fix several crashes and rendering issues. This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-845=1 Affected Software/OS: webkit2gtk3 on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-4190 https://security.gentoo.org/glsa/201808-04 http://www.securitytracker.com/id/1041029 https://usn.ubuntu.com/3687-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-4199 Common Vulnerability Exposure (CVE) ID: CVE-2018-4218 https://www.exploit-db.com/exploits/44861/ https://bugs.chromium.org/p/project-zero/issues/detail?id=1553 Common Vulnerability Exposure (CVE) ID: CVE-2018-4222 https://www.exploit-db.com/exploits/44859/ https://bugs.chromium.org/p/project-zero/issues/detail?id=1545 Common Vulnerability Exposure (CVE) ID: CVE-2018-4232 Common Vulnerability Exposure (CVE) ID: CVE-2018-4233 https://www.exploit-db.com/exploits/45998/ http://packetstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.html |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |