An update that fixes 9 vulnerabilities is now available.
Description:
This update for webkit2gtk3 to version 2.22.6 fixes the following issues:
Security issues fixed:
- CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which
could allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6215: Fixed a type confusion vulnerability which could allow
arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which
could allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which
could allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which
could allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6227: Fixed a memory corruption vulnerability which could allow
arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6229: Fixed a logic issue by improving validation which could
allow arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6233: Fixed a memory corruption vulnerability which could allow
arbitrary code execution during the processing
of special crafted web-content.
- CVE-2019-6234: Fixed a memory corruption vulnerability which could allow
arbitrary code execution during the processing
of special crafted web-content.
Other issues addressed:
- Update to version 2.22.6 (bsc#1124937).
- Kinetic scrolling slow down smoothly when reaching the ends of pages,
instead of abruptly, to better match the GTK+ behaviour.
- Fixed Web inspector magnifier under Wayland.
- Fixed garbled rendering of some websites (e.g. YouTube) while scrolling
under X11.
- Fixed several crashes, race conditions, and rendering issues.
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: