Test Kennung:	1.3.6.1.4.1.25623.1.0.851975
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:2285-1)
Zusammenfassung:	The remote host is missing an update for the 'webkit2gtk3'; package(s) announced via the openSUSE-SU-2018:2285-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'webkit2gtk3' package(s) announced via the openSUSE-SU-2018:2285-1 advisory. Vulnerability Insight: This update for webkit2gtk3 to version 2.20.3 fixes the following issues: These security issues were fixed: - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693). - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site (bsc#1097693) - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free (bsc#1097693) - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted web site (bsc#1097693) - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1097693) - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandle an unset pageURL, leading to an application crash (bsc#1095611). These non-security issues were fixed: - Disable Gigacage if mmap fails to allocate in Linux. - Add user agent quirk for paypal website. - Fix a network process crash when trying to get cookies of about:blank page. - Fix UI process crash when closing the window under Wayland. - Fix several crashes and rendering issues. This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-845=1 Affected Software/OS: webkit2gtk3 on openSUSE Leap 15.0. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-4190 https://security.gentoo.org/glsa/201808-04 http://www.securitytracker.com/id/1041029 https://usn.ubuntu.com/3687-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-4199 Common Vulnerability Exposure (CVE) ID: CVE-2018-4218 https://www.exploit-db.com/exploits/44861/ https://bugs.chromium.org/p/project-zero/issues/detail?id=1553 Common Vulnerability Exposure (CVE) ID: CVE-2018-4222 https://www.exploit-db.com/exploits/44859/ https://bugs.chromium.org/p/project-zero/issues/detail?id=1545 Common Vulnerability Exposure (CVE) ID: CVE-2018-4232 Common Vulnerability Exposure (CVE) ID: CVE-2018-4233 https://www.exploit-db.com/exploits/45998/ http://packetstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.html
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.