Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2781-1 Final 1 1 2018-09-21T09:13:58Z current 2018-09-21T09:13:58Z 2018-09-21T09:13:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 to version 2.20.5 fixes the following issues: Security issue fixed: - CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs (bsc#1101999). - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2018-4266: A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation. - CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation. - CVE-2018-4278: A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. Other bugs fixed: - Fix rendering artifacts in some web sites due to a bug introduced in 2.20.4. - Fix a crash when leaving accelerated compositing mode. - Fix non-deterministic build failure due to missing JavaScriptCore/JSContextRef.h. This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html E-Mail link for openSUSE-SU-2018:2781-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 webkit-jsc-4-2.20.5-lp150.2.6.1 webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 webkit2gtk3-2.20.5-lp150.2.6.1 webkit2gtk3-devel-2.20.5-lp150.2.6.1 webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 webkit-jsc-4-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 webkit2gtk3-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 webkit2gtk3-devel-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 as a component of openSUSE Leap 15.0 WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. CVE-2018-12911 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-12911.html CVE-2018-12911 https://bugzilla.suse.com/1101999 SUSE Bug 1101999 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-4261 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4261.html CVE-2018-4261 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4262 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4262.html CVE-2018-4262 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-4263 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4263.html CVE-2018-4263 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-4264 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4264.html CVE-2018-4264 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-4265 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4265.html CVE-2018-4265 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-4266 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4266.html CVE-2018-4266 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-4267 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4267.html CVE-2018-4267 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-4270 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4270.html CVE-2018-4270 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-4271 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4271.html CVE-2018-4271 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-4272 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4272.html CVE-2018-4272 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-4273 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4273.html CVE-2018-4273 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. CVE-2018-4278 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4278.html CVE-2018-4278 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-4284 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:libwebkit2gtk3-lang-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit-jsc-4-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-devel-2.20.5-lp150.2.6.1 openSUSE Leap 15.0:webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html https://www.suse.com/security/cve/CVE-2018-4284.html CVE-2018-4284 https://bugzilla.suse.com/1104169 SUSE Bug 1104169