Overview

File _patchinfo of Package patchinfo.8158

<patchinfo incident="8158">
  <issue tracker="bnc" id="1101999">VUL-1: CVE-2018-12911: webkit2gtk3: off-by-one error, with a resultant out-of-bounds write,in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c andThirdParty/xdgmime/src/</issue>
  <issue tracker="bnc" id="1104169"></issue>
  <issue tracker="cve" id="2018-12911"/>
  <issue id="2018-4261" tracker="cve" />
  <issue id="2018-4262" tracker="cve" />
  <issue id="2018-4263" tracker="cve" />
  <issue id="2018-4264" tracker="cve" />
  <issue id="2018-4265" tracker="cve" />
  <issue id="2018-4266" tracker="cve" />
  <issue id="2018-4267" tracker="cve" />
  <issue id="2018-4270" tracker="cve" />
  <issue id="2018-4271" tracker="cve" />
  <issue id="2018-4272" tracker="cve" />
  <issue id="2018-4273" tracker="cve" />
  <issue id="2018-4278" tracker="cve" />
  <issue id="2018-4284" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>mgorse</packager>
  <description>This update for webkit2gtk3 to version 2.20.5 fixes the following issues:

Security issue fixed:

- CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs (bsc#1101999).
- CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265,
  CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing maliciously crafted
  web content may lead to arbitrary code execution. A memory corruption issue
  was addressed with improved memory handling.
- CVE-2018-4266: A malicious website may be able to cause a denial of service.
  A race condition was addressed with additional validation.
- CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously crafted
  web content may lead to an unexpected application crash. A memory corruption
  issue was addressed with improved input validation.
- CVE-2018-4278: A malicious website may exfiltrate audio data cross-origin.
  Sound fetched through audio elements may be exfiltrated cross-origin. This
  issue was addressed with improved audio taint tracking.

Other bugs fixed:

- Fix rendering artifacts in some web sites due to a bug introduced in 2.20.4.
- Fix a crash when leaving accelerated compositing mode.
- Fix non-deterministic build failure due to missing JavaScriptCore/JSContextRef.h.
</description>
  <summary>Security update for webkit2gtk3</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places