An update that fixes 42 vulnerabilities is now available.
Description:
This update for webkit2gtk3 to version 2.26.2 fixes the following issues:
Webkit2gtk3 was updated to version 2.26.2 (WSA-2019-0005 and
WSA-2019-0006, bsc#1155321 bsc#1156318)
Security issues addressed:
- CVE-2019-8625: Fixed a logic issue where by processing maliciously
crafted web content may lead to universal cross site scripting.
- CVE-2019-8674: Fixed a logic issue where by processing maliciously
crafted web content may lead to universal cross site scripting.
- CVE-2019-8707: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8719: Fixed a logic issue where by processing maliciously
crafted web content may lead to universal cross site scripting.
- CVE-2019-8720: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8726: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8733: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8735: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8763: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8768: Fixed an issue where a user may be unable to delete
browsing history items.
- CVE-2019-8769: Fixed an issue where a maliciously crafted website may
reveal browsing history.
- CVE-2019-8771: Fixed an issue where a maliciously crafted web content
may violate iframe sandboxing policy.
- CVE-2019-8710: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8743: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8764: Fixed a logic issue where by processing maliciously
crafted web content may lead to universal cross site scripting.
- CVE-2019-8765: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8766: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8782: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8783: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8808: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8811: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8812: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8813: Fixed a logic issue where by processing maliciously
crafted web content may lead to universal cross site scripting.
- CVE-2019-8814: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8815: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8816: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8819: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8820: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8821: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8822: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
- CVE-2019-8823: Fixed multiple memory corruption issues where by
processing maliciously crafted web content may lead to arbitrary code
execution.
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: