FERRAMENTAS LINUX: Important SUSE security update for webkit2gtk3, advisory SUSE-SU-2020:1135-1

Wednesday, April 29, 2020






Check it out!


An update that fixes 30 vulnerabilities is now available.

   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1135-1
Rating:             important
References:         #1155321 #1156318 #1159329 #1161719 #1163809
                    #1165528 #1169658
Cross-References:   CVE-2019-8625 CVE-2019-8710 CVE-2019-8720
                    CVE-2019-8743 CVE-2019-8764 CVE-2019-8766
                    CVE-2019-8769 CVE-2019-8771 CVE-2019-8782
                    CVE-2019-8783 CVE-2019-8808 CVE-2019-8811
                    CVE-2019-8812 CVE-2019-8813 CVE-2019-8814
                    CVE-2019-8815 CVE-2019-8816 CVE-2019-8819
                    CVE-2019-8820 CVE-2019-8823 CVE-2019-8835
                    CVE-2019-8844 CVE-2019-8846 CVE-2020-10018
                    CVE-2020-11793 CVE-2020-3862 CVE-2020-3864
                    CVE-2020-3865 CVE-2020-3867 CVE-2020-3868

Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Workstation Extension 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Enterprise Storage 5
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes 30 vulnerabilities is now available.

Description:

   This update for webkit2gtk3 to version 2.28.1 fixes the following issues:

   Security issues fixed:

   - CVE-2020-10018: Fixed a denial of service because the
     m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528).
   - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a
     use-after-free vulnerability (bsc#1169658).
   - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719).
   - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719).
   - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719).
   - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809).
   - CVE-2020-3867: Fixed an XSS issue (bsc#1163809).
   - CVE-2020-3868: Fixed multiple memory corruption issues that could have
     led to arbitrary code execution (bsc#1163809).
   - CVE-2020-3864, CVE-2020-3865: Fixed logic issues in the DOM object
     context handling (bsc#1163809).

   Non-security issues fixed:

   - Add API to enable Process Swap on (Cross-site) Navigation.
   - Add user messages API for the communication with the web extension.
   - Add support for same-site cookies.
   - Service workers are enabled by default.
   - Add support for the Pointer Lock API.
   - Add flatpak sandbox support.
   - Make the ondemand hardware acceleration policy never leave accelerated
     compositing mode.
   - Always use a light theme for rendering form controls.
   - Add about:gpu to show information about the graphics stack.
   - Fixed issues while trying to play a video on NextCloud.
   - Fixed vertical alignment of text containing Arabic diacritics.
   - Fixed build with icu 65.1.
   - Fixed page loading errors with websites using HSTS.
   - Fixed web process crash when displaying a KaTeX formula.
   - Fixed several crashes and rendering issues.
   - Switched to a single web process for Evolution and geary (bsc#1159329).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1135=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1135=1

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1135=1

   - SUSE Linux Enterprise Workstation Extension 12-SP4:

      zypper in -t patch SUSE-SLE-WE-12-SP4-2020-1135=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1135=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1135=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1135=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1135=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1135=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1135=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1135=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1135=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1135=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1135=1

   - SUSE Enterprise Storage 5:

      zypper in -t patch SUSE-Storage-5-2020-1135=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2020-1135=1



Package List:

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3

   - SUSE OpenStack Cloud 8 (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - SUSE OpenStack Cloud 8 (x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3

   - SUSE OpenStack Cloud 7 (s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2WebExtension-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3
      webkit2gtk3-devel-2.28.1-2.50.3

   - SUSE OpenStack Cloud 7 (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      typelib-1_0-WebKit2WebExtension-4_0-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3
      webkit2gtk3-devel-2.28.1-2.50.3

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      typelib-1_0-WebKit2WebExtension-4_0-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3
      webkit2gtk3-devel-2.28.1-2.50.3

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2WebExtension-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3
      webkit2gtk3-devel-2.28.1-2.50.3

   - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2WebExtension-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3

   - SUSE Linux Enterprise Server 12-SP4 (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2WebExtension-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3
      webkit2gtk3-devel-2.28.1-2.50.3

   - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2WebExtension-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3
      webkit2gtk3-devel-2.28.1-2.50.3

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - SUSE Enterprise Storage 5 (aarch64 x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3

   - SUSE Enterprise Storage 5 (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - HPE Helion Openstack 8 (noarch):

      libwebkit2gtk3-lang-2.28.1-2.50.3

   - HPE Helion Openstack 8 (x86_64):

      libjavascriptcoregtk-4_0-18-2.28.1-2.50.3
      libjavascriptcoregtk-4_0-18-debuginfo-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-2.28.1-2.50.3
      libwebkit2gtk-4_0-37-debuginfo-2.28.1-2.50.3
      typelib-1_0-JavaScriptCore-4_0-2.28.1-2.50.3
      typelib-1_0-WebKit2-4_0-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-2.28.1-2.50.3
      webkit2gtk-4_0-injected-bundles-debuginfo-2.28.1-2.50.3
      webkit2gtk3-debugsource-2.28.1-2.50.3
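
To confirm that the update actually landed on a host, the installed packages can be compared against the fixed version-release from the package list above. The following is an added example, not part of the SUSE advisory: the function names are hypothetical, the sample inventory is constructed, and GNU `sort -V` is used as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Added example, not part of the SUSE advisory.
# Fixed version-release, taken from the package list in this advisory.
FIXED="2.28.1-2.50.3"

# True when version-release $1 is at or above $2. GNU `sort -V` approximates
# RPM's own comparison for purely numeric strings like these.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Reads "name version-release" lines on stdin and prints every package
# from this advisory's package families that is still below FIXED.
find_outdated() {
    while read -r name vr; do
        case "$name" in
            libwebkit2gtk*|libjavascriptcoregtk*|webkit2gtk*) ;;
            typelib-1_0-WebKit2*|typelib-1_0-JavaScriptCore*) ;;
            *) continue ;;
        esac
        ver_ge "$vr" "$FIXED" || echo "$name $vr"
    done
    return 0
}

# Constructed inventory for illustration: one stale library, two patched
# packages, and one package unrelated to this advisory.
sample_inventory() {
    cat <<'EOF'
libwebkit2gtk-4_0-37 2.26.4-2.47.1
libjavascriptcoregtk-4_0-18 2.28.1-2.50.3
typelib-1_0-WebKit2-4_0 2.28.1-2.50.3
bash 4.3-83.23.1
EOF
}

# On a real host, feed the RPM database instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | find_outdated
sample_inventory | find_outdated
```

Empty output means every installed package from this advisory is at the fixed level; processes that loaded the old library before the update still need a restart.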


References:

   https://www.suse.com/security/cve/CVE-2019-8625.html
   https://www.suse.com/security/cve/CVE-2019-8710.html
   https://www.suse.com/security/cve/CVE-2019-8720.html
   https://www.suse.com/security/cve/CVE-2019-8743.html
   https://www.suse.com/security/cve/CVE-2019-8764.html
   https://www.suse.com/security/cve/CVE-2019-8766.html
   https://www.suse.com/security/cve/CVE-2019-8769.html
   https://www.suse.com/security/cve/CVE-2019-8771.html
   https://www.suse.com/security/cve/CVE-2019-8782.html
   https://www.suse.com/security/cve/CVE-2019-8783.html
   https://www.suse.com/security/cve/CVE-2019-8808.html
   https://www.suse.com/security/cve/CVE-2019-8811.html
   https://www.suse.com/security/cve/CVE-2019-8812.html
   https://www.suse.com/security/cve/CVE-2019-8813.html
   https://www.suse.com/security/cve/CVE-2019-8814.html
   https://www.suse.com/security/cve/CVE-2019-8815.html
   https://www.suse.com/security/cve/CVE-2019-8816.html
   https://www.suse.com/security/cve/CVE-2019-8819.html
   https://www.suse.com/security/cve/CVE-2019-8820.html
   https://www.suse.com/security/cve/CVE-2019-8823.html
   https://www.suse.com/security/cve/CVE-2019-8835.html
   https://www.suse.com/security/cve/CVE-2019-8844.html
   https://www.suse.com/security/cve/CVE-2019-8846.html
   https://www.suse.com/security/cve/CVE-2020-10018.html
   https://www.suse.com/security/cve/CVE-2020-11793.html
   https://www.suse.com/security/cve/CVE-2020-3862.html
   https://www.suse.com/security/cve/CVE-2020-3864.html
   https://www.suse.com/security/cve/CVE-2020-3865.html
   https://www.suse.com/security/cve/CVE-2020-3867.html
   https://www.suse.com/security/cve/CVE-2020-3868.html
   https://bugzilla.suse.com/1155321
   https://bugzilla.suse.com/1156318
   https://bugzilla.suse.com/1159329
   https://bugzilla.suse.com/1161719
   https://bugzilla.suse.com/1163809
   https://bugzilla.suse.com/1165528
   https://bugzilla.suse.com/1169658

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
https://lists.suse.com/mailman/listinfo/sle-security-updates
