   openSUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:0761-1
Rating:             moderate
References:
Cross-References:   CVE-2015-1122 CVE-2015-1152 CVE-2015-1155
                    CVE-2015-3660 CVE-2015-3730 CVE-2015-3738
                    CVE-2015-3740 CVE-2015-3742 CVE-2015-3744
                    CVE-2015-3746 CVE-2015-3750 CVE-2015-3751
                    CVE-2015-3754 CVE-2015-3755 CVE-2015-5804
                    CVE-2015-5805 CVE-2015-5807 CVE-2015-5810
                    CVE-2015-5813 CVE-2015-5814 CVE-2015-5815
                    CVE-2015-5817 CVE-2015-5818 CVE-2015-5825
                    CVE-2015-5827 CVE-2015-5828 CVE-2015-5929
                    CVE-2015-5930 CVE-2015-5931 CVE-2015-7002
                    CVE-2015-7013 CVE-2015-7014 CVE-2015-7048
                    CVE-2015-7095 CVE-2015-7096 CVE-2015-7097
                    CVE-2015-7098 CVE-2015-7099 CVE-2015-7100
                    CVE-2015-7102 CVE-2015-7103 CVE-2015-7104

Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that fixes 42 vulnerabilities is now available.

Description:

   This update for webkit2gtk3 fixes the following issues:

   - Update to version 2.10.7:
     + Fix the build with GTK+ < 3.16.
   - Changes from version 2.10.6:
     + Fix a deadlock in the Web Process when the JavaScript garbage
       collector was running for a web worker thread, which made Google
       Maps hang.
     + Fix media controls displaying without controls attribute.
     + Fix a Web Process crash when quickly attempting many DnD
       operations.
   - Changes from version 2.10.5:
     + Disable DNS prefetch when a proxy is configured.
     + Reduce the maximum simultaneous network connections to match
       other browsers.
     + Make WebKitWebView always propagate motion-notify-event signal.
     + Add a way to force accelerated compositing mode at runtime using
       an environment variable.
     + Fix input elements and scrollbars rendering with GTK+ 3.19.
     + Fix rendering of lines when using solid colors.
     + Fix UI process crashes related to not having a main resource
       response when the load is committed for pages restored from the
       history cache.
     + Fix a WebProcess crash when loading large contents with custom
       URI schemes API.
     + Fix a crash in the UI process when the WebView is destroyed while
       the screensaver DBus proxy is being created.
     + Fix WebProcess crashes due to BadDrawable X errors in accelerated
       compositing mode.
     + Fix crashes on PPC64 due to mprotect() on address not aligned to
       the page size.
     + Fix std::bad_function_call exception raised in
       dispatchDecidePolicyForNavigationAction.
     + Fix downloads of data URLs.
     + Fix runtime critical warnings when closing a page containing
       windowed plugins.
     + Fix several crashes and rendering issues.
     + Translation updates: French, German, Italian, Turkish.
     + Security fixes: CVE-2015-7096, CVE-2015-7098.
   - Update to version 2.10.4, notable changes:
     + New HTTP disk cache for the Network Process.
     + New Web Inspector UI.
     + Automatic screensaver inhibition when playing fullscreen videos.
     + Initial Editor API.
     + Performance improvements.
   - This update addresses the following security issues:
     CVE-2015-1122, CVE-2015-1152, CVE-2015-1155, CVE-2015-3660,
     CVE-2015-3730, CVE-2015-3738, CVE-2015-3740, CVE-2015-3742,
     CVE-2015-3744, CVE-2015-3746, CVE-2015-3750, CVE-2015-3751,
     CVE-2015-3754, CVE-2015-3755, CVE-2015-5804, CVE-2015-5805,
     CVE-2015-5807, CVE-2015-5810, CVE-2015-5813, CVE-2015-5814,
     CVE-2015-5815, CVE-2015-5817, CVE-2015-5818, CVE-2015-5825,
     CVE-2015-5827, CVE-2015-5828, CVE-2015-5929, CVE-2015-5930,
     CVE-2015-5931, CVE-2015-7002, CVE-2015-7013, CVE-2015-7014,
     CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7099,
     CVE-2015-7100, CVE-2015-7102, CVE-2015-7103, CVE-2015-7104
   - Add BuildRequires: hyphen-devel to pick up hyphenation support.
     Note this is broken upstream.
   - Build with -DENABLE_DATABASE_PROCESS=OFF and
     -DENABLE_INDEXED_DATABASE=OFF to avoid an issue with GCC 4.8.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-340=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.1 (i586 x86_64):

      libjavascriptcoregtk-4_0-18-2.10.7-7.1
      libjavascriptcoregtk-4_0-18-debuginfo-2.10.7-7.1
      libwebkit2gtk-4_0-37-2.10.7-7.1
      libwebkit2gtk-4_0-37-debuginfo-2.10.7-7.1
      typelib-1_0-JavaScriptCore-4_0-2.10.7-7.1
      typelib-1_0-WebKit2-4_0-2.10.7-7.1
      typelib-1_0-WebKit2WebExtension-4_0-2.10.7-7.1
      webkit-jsc-4-2.10.7-7.1
      webkit-jsc-4-debuginfo-2.10.7-7.1
      webkit2gtk-4_0-injected-bundles-2.10.7-7.1
      webkit2gtk-4_0-injected-bundles-debuginfo-2.10.7-7.1
      webkit2gtk3-debugsource-2.10.7-7.1
      webkit2gtk3-devel-2.10.7-7.1

   - openSUSE Leap 42.1 (x86_64):

      libjavascriptcoregtk-4_0-18-32bit-2.10.7-7.1
      libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.10.7-7.1
      libwebkit2gtk-4_0-37-32bit-2.10.7-7.1
      libwebkit2gtk-4_0-37-debuginfo-32bit-2.10.7-7.1

   - openSUSE Leap 42.1 (noarch):

      libwebkit2gtk3-lang-2.10.7-7.1


References:

   https://www.suse.com/security/cve/CVE-2015-1122.html
   https://www.suse.com/security/cve/CVE-2015-1152.html
   https://www.suse.com/security/cve/CVE-2015-1155.html
   https://www.suse.com/security/cve/CVE-2015-3660.html
   https://www.suse.com/security/cve/CVE-2015-3730.html
   https://www.suse.com/security/cve/CVE-2015-3738.html
   https://www.suse.com/security/cve/CVE-2015-3740.html
   https://www.suse.com/security/cve/CVE-2015-3742.html
   https://www.suse.com/security/cve/CVE-2015-3744.html
   https://www.suse.com/security/cve/CVE-2015-3746.html
   https://www.suse.com/security/cve/CVE-2015-3750.html
   https://www.suse.com/security/cve/CVE-2015-3751.html
   https://www.suse.com/security/cve/CVE-2015-3754.html
   https://www.suse.com/security/cve/CVE-2015-3755.html
   https://www.suse.com/security/cve/CVE-2015-5804.html
   https://www.suse.com/security/cve/CVE-2015-5805.html
   https://www.suse.com/security/cve/CVE-2015-5807.html
   https://www.suse.com/security/cve/CVE-2015-5810.html
   https://www.suse.com/security/cve/CVE-2015-5813.html
   https://www.suse.com/security/cve/CVE-2015-5814.html
   https://www.suse.com/security/cve/CVE-2015-5815.html
   https://www.suse.com/security/cve/CVE-2015-5817.html
   https://www.suse.com/security/cve/CVE-2015-5818.html
   https://www.suse.com/security/cve/CVE-2015-5825.html
   https://www.suse.com/security/cve/CVE-2015-5827.html
   https://www.suse.com/security/cve/CVE-2015-5828.html
   https://www.suse.com/security/cve/CVE-2015-5929.html
   https://www.suse.com/security/cve/CVE-2015-5930.html
   https://www.suse.com/security/cve/CVE-2015-5931.html
   https://www.suse.com/security/cve/CVE-2015-7002.html
   https://www.suse.com/security/cve/CVE-2015-7013.html
   https://www.suse.com/security/cve/CVE-2015-7014.html
   https://www.suse.com/security/cve/CVE-2015-7048.html
   https://www.suse.com/security/cve/CVE-2015-7095.html
   https://www.suse.com/security/cve/CVE-2015-7096.html
   https://www.suse.com/security/cve/CVE-2015-7097.html
   https://www.suse.com/security/cve/CVE-2015-7098.html
   https://www.suse.com/security/cve/CVE-2015-7099.html
   https://www.suse.com/security/cve/CVE-2015-7100.html
   https://www.suse.com/security/cve/CVE-2015-7102.html
   https://www.suse.com/security/cve/CVE-2015-7103.html
   https://www.suse.com/security/cve/CVE-2015-7104.html
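
Added example, not part of the original announcement: a post-patch check that flags packages from the Package List above that are still older than the fixed build 2.10.7-7.1. The function names and the sample inventory are constructed for illustration; version ordering uses sort -V, which is assumed to match RPM ordering for purely numeric version strings like these.

```shell
#!/bin/bash
# Fixed build taken from the advisory's Package List.
FIXED_VER="2.10.7"
FIXED_REL="7.1"
# Base package names from the advisory (debuginfo, debugsource and
# 32bit variants are left out here to keep the list short).
ADVISORY_PKGS="libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 \
 typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 \
 typelib-1_0-WebKit2WebExtension-4_0 webkit-jsc-4 \
 webkit2gtk-4_0-injected-bundles webkit2gtk3-devel libwebkit2gtk3-lang"

# ver_lt A B: succeeds when A sorts strictly before B (hypothetical helper).
ver_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "name version release" lines on stdin, for example produced by:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
# Prints every advisory package older than the fixed build and
# returns 1 if at least one was found, 0 otherwise.
find_unpatched() {
  local name ver rel status=0
  while read -r name ver rel; do
    # Skip packages that this advisory does not cover.
    case " $ADVISORY_PKGS " in *" $name "*) ;; *) continue ;; esac
    if ver_lt "$ver" "$FIXED_VER" ||
       { [ "$ver" = "$FIXED_VER" ] && ver_lt "$rel" "$FIXED_REL"; }; then
      echo "$name $ver-$rel"
      status=1
    fi
  done
  return $status
}

# Constructed sample inventory (not output from a real host).
SAMPLE_INVENTORY='libwebkit2gtk-4_0-37 2.8.5 3.2
libjavascriptcoregtk-4_0-18 2.10.7 7.1
webkit-jsc-4 2.10.4 1.1
bash 4.2 75.2
typelib-1_0-WebKit2-4_0 2.10.10 1.1'

find_unpatched <<EOF || echo "update needed: zypper in -t patch openSUSE-2016-340=1"
$SAMPLE_INVENTORY
EOF
```

On a real host, pipe the rpm query shown in the comment into find_unpatched instead of the sample inventory.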