Mailinglist Archive: opensuse-updates (137 mails)

< Previous Next >
openSUSE-SU-2016:0761-1: moderate: Security update for webkit2gtk3
openSUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:0761-1
Rating: moderate
References:
Cross-References: CVE-2015-1122 CVE-2015-1152 CVE-2015-1155
CVE-2015-3660 CVE-2015-3730 CVE-2015-3738
CVE-2015-3740 CVE-2015-3742 CVE-2015-3744
CVE-2015-3746 CVE-2015-3750 CVE-2015-3751
CVE-2015-3754 CVE-2015-3755 CVE-2015-5804
CVE-2015-5805 CVE-2015-5807 CVE-2015-5810
CVE-2015-5813 CVE-2015-5814 CVE-2015-5815
CVE-2015-5817 CVE-2015-5818 CVE-2015-5825
CVE-2015-5827 CVE-2015-5828 CVE-2015-5929
CVE-2015-5930 CVE-2015-5931 CVE-2015-7002
CVE-2015-7013 CVE-2015-7014 CVE-2015-7048
CVE-2015-7095 CVE-2015-7096 CVE-2015-7097
CVE-2015-7098 CVE-2015-7099 CVE-2015-7100
CVE-2015-7102 CVE-2015-7103 CVE-2015-7104

Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________

An update that fixes 42 vulnerabilities is now available.

Description:


This update for webkit2gtk3 fixes the following issues:

- Update to version 2.10.7:
+ Fix the build with GTK+ < 3.16.
- Changes from version 2.10.6:
+ Fix a deadlock in the Web Process when JavaScript garbage collector
was running for a web worker thread that made google maps to hang.
+ Fix media controls displaying without controls attribute.
+ Fix a Web Process crash when quickly attempting many DnD
operations.
- Changes from version 2.10.5:
+ Disable DNS prefetch when a proxy is configured.
+ Reduce the maximum simultaneous network connections to match
other browsers.
+ Make WebKitWebView always propagate motion-notify-event signal.
+ Add a way to force accelerating compositing mode at runtime using an
environment variable.
+ Fix input elements and scrollbars rendering with GTK+ 3.19.
+ Fix rendering of lines when using solid colors.
+ Fix UI process crashes related to not having a main resource response
when the load is committed for pages restored from the history cache.
+ Fix a WebProcess crash when loading large contents with custom URI
schemes API.
+ Fix a crash in the UI process when the WebView is destroyed while the
screensaver DBus proxy is being created.
+ Fix WebProcess crashes due to BadDrawable X errors in accelerated
compositing mode.
+ Fix crashes on PPC64 due to mprotect() on address not aligned to the
page size.
+ Fix std::bad_function_call exception raised in
dispatchDecidePolicyForNavigationAction.
+ Fix downloads of data URLs.
+ Fix runtime critical warnings when closing a page containing windowed
plugins.
+ Fix several crashes and rendering issues.
+ Translation updates: French, German, Italian, Turkish.
+ Security fixes: CVE-2015-7096, CVE-2015-7098.
- Update to version 2.10.4, notable changes:
+ New HTTP disk cache for the Network Process.
+ New Web Inspector UI.
+ Automatic ScreenServer inhibition when playing fullscreen videos.
+ Initial Editor API.
+ Performance improvements.
- This update addresses the following security issues: CVE-2015-1122,
CVE-2015-1152, CVE-2015-1155, CVE-2015-3660, CVE-2015-3730,
CVE-2015-3738, CVE-2015-3740, CVE-2015-3742, CVE-2015-3744,
CVE-2015-3746, CVE-2015-3750, CVE-2015-3751, CVE-2015-3754,
CVE-2015-3755, CVE-2015-5804, CVE-2015-5805, CVE-2015-5807,
CVE-2015-5810, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,
CVE-2015-5817, CVE-2015-5818, CVE-2015-5825, CVE-2015-5827,
CVE-2015-5828, CVE-2015-5929, CVE-2015-5930, CVE-2015-5931,
CVE-2015-7002, CVE-2015-7013, CVE-2015-7014, CVE-2015-7048,
CVE-2015-7095, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100,
CVE-2015-7102, CVE-2015-7103, CVE-2015-7104
- Add BuildRequires: hyphen-devel to pick up hyphenation support. Note
this is broken upstream.
- Build with -DENABLE_DATABASE_PROCESS=OFF and
-DENABLE_INDEXED_DATABASE=OFF to avoid an issue with GCC 4.8.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-340=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.1 (i586 x86_64):

libjavascriptcoregtk-4_0-18-2.10.7-7.1
libjavascriptcoregtk-4_0-18-debuginfo-2.10.7-7.1
libwebkit2gtk-4_0-37-2.10.7-7.1
libwebkit2gtk-4_0-37-debuginfo-2.10.7-7.1
typelib-1_0-JavaScriptCore-4_0-2.10.7-7.1
typelib-1_0-WebKit2-4_0-2.10.7-7.1
typelib-1_0-WebKit2WebExtension-4_0-2.10.7-7.1
webkit-jsc-4-2.10.7-7.1
webkit-jsc-4-debuginfo-2.10.7-7.1
webkit2gtk-4_0-injected-bundles-2.10.7-7.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.10.7-7.1
webkit2gtk3-debugsource-2.10.7-7.1
webkit2gtk3-devel-2.10.7-7.1

- openSUSE Leap 42.1 (x86_64):

libjavascriptcoregtk-4_0-18-32bit-2.10.7-7.1
libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.10.7-7.1
libwebkit2gtk-4_0-37-32bit-2.10.7-7.1
libwebkit2gtk-4_0-37-debuginfo-32bit-2.10.7-7.1

- openSUSE Leap 42.1 (noarch):

libwebkit2gtk3-lang-2.10.7-7.1


References:

https://www.suse.com/security/cve/CVE-2015-1122.html
https://www.suse.com/security/cve/CVE-2015-1152.html
https://www.suse.com/security/cve/CVE-2015-1155.html
https://www.suse.com/security/cve/CVE-2015-3660.html
https://www.suse.com/security/cve/CVE-2015-3730.html
https://www.suse.com/security/cve/CVE-2015-3738.html
https://www.suse.com/security/cve/CVE-2015-3740.html
https://www.suse.com/security/cve/CVE-2015-3742.html
https://www.suse.com/security/cve/CVE-2015-3744.html
https://www.suse.com/security/cve/CVE-2015-3746.html
https://www.suse.com/security/cve/CVE-2015-3750.html
https://www.suse.com/security/cve/CVE-2015-3751.html
https://www.suse.com/security/cve/CVE-2015-3754.html
https://www.suse.com/security/cve/CVE-2015-3755.html
https://www.suse.com/security/cve/CVE-2015-5804.html
https://www.suse.com/security/cve/CVE-2015-5805.html
https://www.suse.com/security/cve/CVE-2015-5807.html
https://www.suse.com/security/cve/CVE-2015-5810.html
https://www.suse.com/security/cve/CVE-2015-5813.html
https://www.suse.com/security/cve/CVE-2015-5814.html
https://www.suse.com/security/cve/CVE-2015-5815.html
https://www.suse.com/security/cve/CVE-2015-5817.html
https://www.suse.com/security/cve/CVE-2015-5818.html
https://www.suse.com/security/cve/CVE-2015-5825.html
https://www.suse.com/security/cve/CVE-2015-5827.html
https://www.suse.com/security/cve/CVE-2015-5828.html
https://www.suse.com/security/cve/CVE-2015-5929.html
https://www.suse.com/security/cve/CVE-2015-5930.html
https://www.suse.com/security/cve/CVE-2015-5931.html
https://www.suse.com/security/cve/CVE-2015-7002.html
https://www.suse.com/security/cve/CVE-2015-7013.html
https://www.suse.com/security/cve/CVE-2015-7014.html
https://www.suse.com/security/cve/CVE-2015-7048.html
https://www.suse.com/security/cve/CVE-2015-7095.html
https://www.suse.com/security/cve/CVE-2015-7096.html
https://www.suse.com/security/cve/CVE-2015-7097.html
https://www.suse.com/security/cve/CVE-2015-7098.html
https://www.suse.com/security/cve/CVE-2015-7099.html
https://www.suse.com/security/cve/CVE-2015-7100.html
https://www.suse.com/security/cve/CVE-2015-7102.html
https://www.suse.com/security/cve/CVE-2015-7103.html
https://www.suse.com/security/cve/CVE-2015-7104.html


< Previous Next >
This Thread
  • No further messages