SUSE-SU-2018:0219-1
Vulnerability Summary
Timeline
Description
Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5: + Disable SharedArrayBuffers from Web API. + Reduce the precision of 'high' resolution time to 1ms. + bsc#1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown (CVE-2017-5753 and CVE-2017-5715). Update to version 2.18.4: + Make WebDriver implementation more spec compliant. + Fix a bug when trying to remove cookies before a web process is spawned. + WebKitWebDriver process no longer links to libjavascriptcoregtk. + Fix several memory leaks in GStreamer media backend. + bsc#1073654 - Security fixes: CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-13856. Update to version 2.18.3: + Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. + Fix handling of null capabilities in WebDriver implementation. + Security fixes: CVE-2017-13798, CVE-2017-13788, CVE-2017-13803. Update to version 2.18.2: + Fix rendering of arabic text. + Fix a crash in the web process when decoding GIF images. + Fix rendering of wind in Windy.com. + Fix several crashes and rendering issues. Update to version 2.18.1: + Improve performance of GIF animations. + Fix garbled display in GMail. + Fix rendering of several material design icons when using the web font. + Fix flickering when resizing the window in Wayland. + Prevent default kerberos authentication credentials from being used in ephemeral sessions. + Fix a crash when webkit_web_resource_get_data() is cancelled. + Correctly handle touchmove and touchend events in WebKitWebView. + Fix the build with enchant 2.1.1. + Fix the build in HPPA and Alpha. + Fix several crashes and rendering issues. + Security fixes: CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142. - Enable gold linker on s390/s390x on SLE15/Tumbleweed.
Affected Systems
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Desktop 12 SP2
< 2.18.5-2.18.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Desktop 12 SP3
< 2.18.5-2.18.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Server 12 SP2
< 2.18.5-2.18.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Server 12 SP3
< 2.18.5-2.18.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
< 2.18.5-2.18.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
< 2.18.5-2.18.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
< 2.18.5-2.18.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Software Development Kit 12 SP2
< 2.18.5-2.18.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Software Development Kit 12 SP3
< 2.18.5-2.18.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Workstation Extension 12 SP2
< 2.18.5-2.18.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Workstation Extension 12 SP3
< 2.18.5-2.18.1
References (97)
- https://www.suse.com/support/update/announcement/2018/suse-su-20180219-1/
- https://bugzilla.suse.com/1020950
- https://bugzilla.suse.com/1024749
- https://bugzilla.suse.com/1050469
- https://bugzilla.suse.com/1066892
- https://bugzilla.suse.com/1069925
- https://bugzilla.suse.com/1073654
- https://bugzilla.suse.com/1075419
- https://www.suse.com/security/cve/CVE-2016-4692
- https://www.suse.com/security/cve/CVE-2016-4743
- https://www.suse.com/security/cve/CVE-2016-7586
- https://www.suse.com/security/cve/CVE-2016-7587
- https://www.suse.com/security/cve/CVE-2016-7589
- https://www.suse.com/security/cve/CVE-2016-7592
- https://www.suse.com/security/cve/CVE-2016-7598
- https://www.suse.com/security/cve/CVE-2016-7599
- https://www.suse.com/security/cve/CVE-2016-7610
- https://www.suse.com/security/cve/CVE-2016-7623
- https://www.suse.com/security/cve/CVE-2016-7632
- https://www.suse.com/security/cve/CVE-2016-7635
- https://www.suse.com/security/cve/CVE-2016-7639
- https://www.suse.com/security/cve/CVE-2016-7641
- https://www.suse.com/security/cve/CVE-2016-7645
- https://www.suse.com/security/cve/CVE-2016-7652
- https://www.suse.com/security/cve/CVE-2016-7654
- https://www.suse.com/security/cve/CVE-2016-7656
- https://www.suse.com/security/cve/CVE-2017-13788
- https://www.suse.com/security/cve/CVE-2017-13798
- https://www.suse.com/security/cve/CVE-2017-13803
- https://www.suse.com/security/cve/CVE-2017-13856
- https://www.suse.com/security/cve/CVE-2017-13866
- https://www.suse.com/security/cve/CVE-2017-13870
- https://www.suse.com/security/cve/CVE-2017-2350
- https://www.suse.com/security/cve/CVE-2017-2354
- https://www.suse.com/security/cve/CVE-2017-2355
- https://www.suse.com/security/cve/CVE-2017-2356
- https://www.suse.com/security/cve/CVE-2017-2362
- https://www.suse.com/security/cve/CVE-2017-2363
- https://www.suse.com/security/cve/CVE-2017-2364
- https://www.suse.com/security/cve/CVE-2017-2365
- https://www.suse.com/security/cve/CVE-2017-2366
- https://www.suse.com/security/cve/CVE-2017-2369
- https://www.suse.com/security/cve/CVE-2017-2371
- https://www.suse.com/security/cve/CVE-2017-2373
- https://www.suse.com/security/cve/CVE-2017-2496
- https://www.suse.com/security/cve/CVE-2017-2510
- https://www.suse.com/security/cve/CVE-2017-2539
- https://www.suse.com/security/cve/CVE-2017-5715
- https://www.suse.com/security/cve/CVE-2017-5753
- https://www.suse.com/security/cve/CVE-2017-5754
- https://www.suse.com/security/cve/CVE-2017-7006
- https://www.suse.com/security/cve/CVE-2017-7011
- https://www.suse.com/security/cve/CVE-2017-7012
- https://www.suse.com/security/cve/CVE-2017-7018
- https://www.suse.com/security/cve/CVE-2017-7019
- https://www.suse.com/security/cve/CVE-2017-7020
- https://www.suse.com/security/cve/CVE-2017-7030
- https://www.suse.com/security/cve/CVE-2017-7034
- https://www.suse.com/security/cve/CVE-2017-7037
- https://www.suse.com/security/cve/CVE-2017-7038
- https://www.suse.com/security/cve/CVE-2017-7039
- https://www.suse.com/security/cve/CVE-2017-7040
- https://www.suse.com/security/cve/CVE-2017-7041
- https://www.suse.com/security/cve/CVE-2017-7042
- https://www.suse.com/security/cve/CVE-2017-7043
- https://www.suse.com/security/cve/CVE-2017-7046
- https://www.suse.com/security/cve/CVE-2017-7048
- https://www.suse.com/security/cve/CVE-2017-7049
- https://www.suse.com/security/cve/CVE-2017-7052
- https://www.suse.com/security/cve/CVE-2017-7055
- https://www.suse.com/security/cve/CVE-2017-7056
- https://www.suse.com/security/cve/CVE-2017-7059
- https://www.suse.com/security/cve/CVE-2017-7061
- https://www.suse.com/security/cve/CVE-2017-7064
- https://www.suse.com/security/cve/CVE-2017-7081
- https://www.suse.com/security/cve/CVE-2017-7087
- https://www.suse.com/security/cve/CVE-2017-7089
- https://www.suse.com/security/cve/CVE-2017-7090
- https://www.suse.com/security/cve/CVE-2017-7091
- https://www.suse.com/security/cve/CVE-2017-7092
- https://www.suse.com/security/cve/CVE-2017-7093
- https://www.suse.com/security/cve/CVE-2017-7094
- https://www.suse.com/security/cve/CVE-2017-7095
- https://www.suse.com/security/cve/CVE-2017-7096
- https://www.suse.com/security/cve/CVE-2017-7098
- https://www.suse.com/security/cve/CVE-2017-7099
- https://www.suse.com/security/cve/CVE-2017-7100
- https://www.suse.com/security/cve/CVE-2017-7102
- https://www.suse.com/security/cve/CVE-2017-7104
- https://www.suse.com/security/cve/CVE-2017-7107
- https://www.suse.com/security/cve/CVE-2017-7109
- https://www.suse.com/security/cve/CVE-2017-7111
- https://www.suse.com/security/cve/CVE-2017-7117
- https://www.suse.com/security/cve/CVE-2017-7120
- https://www.suse.com/security/cve/CVE-2017-7142
- https://www.suse.com/security/cve/CVE-2017-7156
- https://www.suse.com/security/cve/CVE-2017-7157