
Test ID: 1.3.6.1.4.1.25623.1.0.852089
Category: SuSE Local Security Checks
Title: SuSE Update for webkit2gtk3 openSUSE-SU-2018:3473-1 (webkit2gtk3)
Summary: The remote host is missing an update for the 'webkit2gtk3' package(s) announced via the openSUSE-SU-2018:3473_1 advisory.
Description:

Vulnerability Insight:
This update for webkit2gtk3 to version 2.20.3 fixes the issues:

The following security vulnerabilities were addressed:

- CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs
(boo#1101999)

- CVE-2017-13884: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1075775).

- CVE-2017-13885: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1075775).

- CVE-2017-7153: An unspecified issue allowed remote attackers to spoof
user-interface information (about whether the entire content is derived
from a valid TLS session) via a crafted web site that sends a 401
Unauthorized redirect (bsc#1077535).

- CVE-2017-7160: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1075775).

- CVE-2017-7161: An unspecified issue allowed remote attackers to execute
arbitrary code via special characters that trigger command injection
(bsc#1075775, bsc#1077535).

- CVE-2017-7165: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1075775).

- CVE-2018-4088: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1075775).

- CVE-2018-4096: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1075775).

- CVE-2018-4200: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site that triggers a
WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).

- CVE-2018-4204: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1092279).

- CVE-2018-4101: An unspecified issue allowed remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site (bsc#1088182).

- CVE-2018-4113: An issue in the JavaScriptCore function in the 'WebKi ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
webkit2gtk3 on openSUSE Leap 42.3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-7153
https://usn.ubuntu.com/3551-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-7160
Common Vulnerability Exposure (CVE) ID: CVE-2017-7161
Common Vulnerability Exposure (CVE) ID: CVE-2017-7165
Common Vulnerability Exposure (CVE) ID: CVE-2018-4088
BugTraq ID: 102775
http://www.securityfocus.com/bid/102775
http://www.securitytracker.com/id/1040265
http://www.securitytracker.com/id/1040266
http://www.securitytracker.com/id/1040267
Common Vulnerability Exposure (CVE) ID: CVE-2018-4096
Common Vulnerability Exposure (CVE) ID: CVE-2018-4101
https://security.gentoo.org/glsa/201808-04
http://www.securitytracker.com/id/1040604
https://usn.ubuntu.com/3635-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-4113
Common Vulnerability Exposure (CVE) ID: CVE-2018-4114
Common Vulnerability Exposure (CVE) ID: CVE-2018-4117
BugTraq ID: 104887
http://www.securityfocus.com/bid/104887
Debian Security Information: DSA-4256
https://www.debian.org/security/2018/dsa-4256
https://security.gentoo.org/glsa/201808-01
RedHat Security Advisories: RHSA-2018:2282
https://access.redhat.com/errata/RHSA-2018:2282
Common Vulnerability Exposure (CVE) ID: CVE-2018-4118
Common Vulnerability Exposure (CVE) ID: CVE-2018-4119
Common Vulnerability Exposure (CVE) ID: CVE-2018-4120
Common Vulnerability Exposure (CVE) ID: CVE-2018-4121
https://www.exploit-db.com/exploits/44427/
https://github.com/mwrlabs/CVE-2018-4121
Common Vulnerability Exposure (CVE) ID: CVE-2018-4122
Common Vulnerability Exposure (CVE) ID: CVE-2018-4125
Common Vulnerability Exposure (CVE) ID: CVE-2018-4127
Common Vulnerability Exposure (CVE) ID: CVE-2018-4128
Common Vulnerability Exposure (CVE) ID: CVE-2018-4129
Common Vulnerability Exposure (CVE) ID: CVE-2018-4133
BugTraq ID: 103580
http://www.securityfocus.com/bid/103580
http://www.securitytracker.com/id/1040606
Common Vulnerability Exposure (CVE) ID: CVE-2018-4146
Common Vulnerability Exposure (CVE) ID: CVE-2018-4161
Common Vulnerability Exposure (CVE) ID: CVE-2018-4162
Common Vulnerability Exposure (CVE) ID: CVE-2018-4163
Common Vulnerability Exposure (CVE) ID: CVE-2018-4165
Common Vulnerability Exposure (CVE) ID: CVE-2018-4190
http://www.securitytracker.com/id/1041029
https://usn.ubuntu.com/3687-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-4199
Common Vulnerability Exposure (CVE) ID: CVE-2018-4200
BugTraq ID: 103961
http://www.securityfocus.com/bid/103961
https://www.exploit-db.com/exploits/44566/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1525
http://www.securitytracker.com/id/1040743
https://usn.ubuntu.com/3640-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-4204
Common Vulnerability Exposure (CVE) ID: CVE-2018-4218
https://www.exploit-db.com/exploits/44861/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1553
Common Vulnerability Exposure (CVE) ID: CVE-2018-4222
https://www.exploit-db.com/exploits/44859/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1545
Common Vulnerability Exposure (CVE) ID: CVE-2018-4232
Common Vulnerability Exposure (CVE) ID: CVE-2018-4233
https://www.exploit-db.com/exploits/45998/
Common Vulnerability Exposure (CVE) ID: CVE-2018-4246
https://usn.ubuntu.com/3743-1/
Copyright: Copyright (C) 2018 Greenbone Networks GmbH


© 1998-2019 E-Soft Inc. All rights reserved.