openSUSE Build Service

Overview Details Repositories Revisions Requests Users Attributes Meta

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Update to version 2.18.5:

+ Disable SharedArrayBuffers from Web API.
+ Reduce the precision of "high" resolution time to 1ms.
+ bsc#1075419 - Security fixes: includes improvements to mitigate
the effects of Spectre and Meltdown (CVE-2017-5753 and CVE-2017-5715).

Update to version 2.18.4:

+ Make WebDriver implementation more spec compliant.
+ Fix a bug when trying to remove cookies before a web process is
spawned.
+ WebKitWebDriver process no longer links to
libjavascriptcoregtk.
+ Fix several memory leaks in GStreamer media backend.
+ bsc#1073654 - Security fixes: CVE-2017-13866, CVE-2017-13870,
CVE-2017-7156, CVE-2017-13856.

Update to version 2.18.3:

+ Improve calculation of font metrics to prevent scrollbars from
being shown unnecessarily in some cases.
+ Fix handling of null capabilities in WebDriver implementation.
+ Security fixes: CVE-2017-13798, CVE-2017-13788, CVE-2017-13803.

Update to version 2.18.2:

+ Fix rendering of arabic text.
+ Fix a crash in the web process when decoding GIF images.
+ Fix rendering of wind in Windy.com.
+ Fix several crashes and rendering issues.

Update to version 2.18.1:

+ Improve performance of GIF animations.
+ Fix garbled display in GMail.
+ Fix rendering of several material design icons when using the
web font.
+ Fix flickering when resizing the window in Wayland.
+ Prevent default kerberos authentication credentials from being
used in ephemeral sessions.
+ Fix a crash when webkit_web_resource_get_data() is cancelled.
+ Correctly handle touchmove and touchend events in
WebKitWebView.
+ Fix the build with enchant 2.1.1.
+ Fix the build in HPPA and Alpha.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2017-7081, CVE-2017-7087, CVE-2017-7089,
CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093,
CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098,
CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104,
CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117,
CVE-2017-7120, CVE-2017-7142.

- Enable gold linker on s390/s390x on SLE15/Tumbleweed.

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Submitted by Federico Mena Quintero (federico-mena)

Fixed bugs

bnc#1020950

VUL-0: webkit2gtk3,webkitgtk,webkitgtk3: WebKitGTK+ Security Advisory WSA-2017-0001

bnc#1024749

VUL-0: CVE-2017-2350: webkitgtk: Multiple vulnerabilities before version 2.4.14 [WSA-2017-0002]

bnc#1050469

VUL-0: libqt5-qtwebkit, libQtWebKit4, webkitgtk3, webkitgtk, webkit2gtk3: WebKitGTK+ Security Advisory WSA-2017-0006

bnc#1066892

VUL-0: webkit2gtk3: multiple security issues fixed

bnc#1069925

VUL-0: webkit2gtk3: version 2.18.3 released

bnc#1073654

VUL-0: CVE-2017-13856,CVE-2017-7157,CVE-2017-13856,CVE-2017-13866,CVE-2017-13870: libqt5-qtwebkit,webkit2gtk3,webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

bnc#1075419

VUL-0: webkitgtk: speculative side channel attacks on various CPU platforms aka "SpectreAttack" and "MeltdownAttack"