libjavascriptcoregtk-4_0-18-2.32.4-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11506 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libjavascriptcoregtk-4_0-18-2.32.4-1.1 on GA media These are all security issues fixed in the libjavascriptcoregtk-4_0-18-2.32.4-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11506 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11506 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-4692/ SUSE CVE CVE-2016-4692 page https://www.suse.com/security/cve/CVE-2016-4743/ SUSE CVE CVE-2016-4743 page https://www.suse.com/security/cve/CVE-2016-7589/ SUSE CVE CVE-2016-7589 page https://www.suse.com/security/cve/CVE-2016-7598/ SUSE CVE CVE-2016-7598 page https://www.suse.com/security/cve/CVE-2016-7641/ SUSE CVE CVE-2016-7641 page https://www.suse.com/security/cve/CVE-2016-7654/ SUSE CVE CVE-2016-7654 page https://www.suse.com/security/cve/CVE-2016-7656/ SUSE CVE CVE-2016-7656 page https://www.suse.com/security/cve/CVE-2017-1000121/ SUSE CVE CVE-2017-1000121 page https://www.suse.com/security/cve/CVE-2017-13798/ SUSE CVE CVE-2017-13798 page https://www.suse.com/security/cve/CVE-2017-13803/ SUSE CVE CVE-2017-13803 page https://www.suse.com/security/cve/CVE-2017-13866/ SUSE CVE CVE-2017-13866 page https://www.suse.com/security/cve/CVE-2017-13884/ SUSE CVE CVE-2017-13884 page https://www.suse.com/security/cve/CVE-2017-2350/ SUSE CVE CVE-2017-2350 page https://www.suse.com/security/cve/CVE-2017-2365/ SUSE CVE CVE-2017-2365 page https://www.suse.com/security/cve/CVE-2017-2371/ SUSE CVE CVE-2017-2371 page https://www.suse.com/security/cve/CVE-2017-2373/ SUSE CVE CVE-2017-2373 page https://www.suse.com/security/cve/CVE-2017-2496/ SUSE CVE CVE-2017-2496 page https://www.suse.com/security/cve/CVE-2017-2510/ SUSE CVE CVE-2017-2510 page https://www.suse.com/security/cve/CVE-2017-2538/ SUSE CVE CVE-2017-2538 page https://www.suse.com/security/cve/CVE-2017-5753/ SUSE CVE CVE-2017-5753 page https://www.suse.com/security/cve/CVE-2017-7006/ SUSE CVE CVE-2017-7006 page https://www.suse.com/security/cve/CVE-2017-7019/ SUSE CVE CVE-2017-7019 page https://www.suse.com/security/cve/CVE-2017-7020/ SUSE CVE CVE-2017-7020 page https://www.suse.com/security/cve/CVE-2017-7030/ SUSE CVE CVE-2017-7030 page https://www.suse.com/security/cve/CVE-2017-7039/ SUSE CVE CVE-2017-7039 page https://www.suse.com/security/cve/CVE-2017-7043/ SUSE CVE CVE-2017-7043 page https://www.suse.com/security/cve/CVE-2017-7046/ SUSE CVE CVE-2017-7046 page https://www.suse.com/security/cve/CVE-2017-7052/ SUSE CVE CVE-2017-7052 page https://www.suse.com/security/cve/CVE-2017-7056/ SUSE CVE CVE-2017-7056 page https://www.suse.com/security/cve/CVE-2017-7081/ SUSE CVE CVE-2017-7081 page https://www.suse.com/security/cve/CVE-2017-7089/ SUSE CVE CVE-2017-7089 page https://www.suse.com/security/cve/CVE-2017-7093/ SUSE CVE CVE-2017-7093 page https://www.suse.com/security/cve/CVE-2017-7098/ SUSE CVE CVE-2017-7098 page https://www.suse.com/security/cve/CVE-2017-7104/ SUSE CVE CVE-2017-7104 page https://www.suse.com/security/cve/CVE-2017-7117/ SUSE CVE CVE-2017-7117 page https://www.suse.com/security/cve/CVE-2017-7156/ SUSE CVE CVE-2017-7156 page https://www.suse.com/security/cve/CVE-2017-7157/ SUSE CVE CVE-2017-7157 page https://www.suse.com/security/cve/CVE-2017-7161/ SUSE CVE CVE-2017-7161 page https://www.suse.com/security/cve/CVE-2018-11646/ SUSE CVE CVE-2018-11646 page https://www.suse.com/security/cve/CVE-2018-12911/ SUSE CVE CVE-2018-12911 page https://www.suse.com/security/cve/CVE-2018-4088/ SUSE CVE CVE-2018-4088 page https://www.suse.com/security/cve/CVE-2018-4101/ SUSE CVE CVE-2018-4101 page https://www.suse.com/security/cve/CVE-2018-4117/ SUSE CVE CVE-2018-4117 page https://www.suse.com/security/cve/CVE-2018-4120/ SUSE CVE CVE-2018-4120 page https://www.suse.com/security/cve/CVE-2018-4127/ SUSE CVE CVE-2018-4127 page https://www.suse.com/security/cve/CVE-2018-4133/ SUSE CVE CVE-2018-4133 page https://www.suse.com/security/cve/CVE-2018-4162/ SUSE CVE CVE-2018-4162 page https://www.suse.com/security/cve/CVE-2018-4190/ SUSE CVE CVE-2018-4190 page https://www.suse.com/security/cve/CVE-2018-4191/ SUSE CVE CVE-2018-4191 page https://www.suse.com/security/cve/CVE-2018-4200/ SUSE CVE CVE-2018-4200 page https://www.suse.com/security/cve/CVE-2018-4204/ SUSE CVE CVE-2018-4204 page https://www.suse.com/security/cve/CVE-2018-4207/ SUSE CVE CVE-2018-4207 page https://www.suse.com/security/cve/CVE-2018-4212/ SUSE CVE CVE-2018-4212 page https://www.suse.com/security/cve/CVE-2018-4222/ SUSE CVE CVE-2018-4222 page https://www.suse.com/security/cve/CVE-2018-4261/ SUSE CVE CVE-2018-4261 page https://www.suse.com/security/cve/CVE-2018-4264/ SUSE CVE CVE-2018-4264 page https://www.suse.com/security/cve/CVE-2018-4270/ SUSE CVE CVE-2018-4270 page https://www.suse.com/security/cve/CVE-2018-4284/ SUSE CVE CVE-2018-4284 page https://www.suse.com/security/cve/CVE-2018-4306/ SUSE CVE CVE-2018-4306 page https://www.suse.com/security/cve/CVE-2018-4315/ SUSE CVE CVE-2018-4315 page https://www.suse.com/security/cve/CVE-2018-4319/ SUSE CVE CVE-2018-4319 page https://www.suse.com/security/cve/CVE-2018-4345/ SUSE CVE CVE-2018-4345 page https://www.suse.com/security/cve/CVE-2018-4359/ SUSE CVE CVE-2018-4359 page https://www.suse.com/security/cve/CVE-2018-4372/ SUSE CVE CVE-2018-4372 page https://www.suse.com/security/cve/CVE-2018-4375/ SUSE CVE CVE-2018-4375 page https://www.suse.com/security/cve/CVE-2018-4382/ SUSE CVE CVE-2018-4382 page https://www.suse.com/security/cve/CVE-2018-4437/ SUSE CVE CVE-2018-4437 page https://www.suse.com/security/cve/CVE-2018-4441/ SUSE CVE CVE-2018-4441 page https://www.suse.com/security/cve/CVE-2018-4443/ SUSE CVE CVE-2018-4443 page https://www.suse.com/security/cve/CVE-2019-6212/ SUSE CVE CVE-2019-6212 page https://www.suse.com/security/cve/CVE-2019-6216/ SUSE CVE CVE-2019-6216 page https://www.suse.com/security/cve/CVE-2019-6229/ SUSE CVE CVE-2019-6229 page https://www.suse.com/security/cve/CVE-2019-6251/ SUSE CVE CVE-2019-6251 page https://www.suse.com/security/cve/CVE-2019-7285/ SUSE CVE CVE-2019-7285 page https://www.suse.com/security/cve/CVE-2019-8375/ SUSE CVE CVE-2019-8375 page https://www.suse.com/security/cve/CVE-2019-8518/ SUSE CVE CVE-2019-8518 page https://www.suse.com/security/cve/CVE-2019-8524/ SUSE CVE CVE-2019-8524 page https://www.suse.com/security/cve/CVE-2019-8551/ SUSE CVE CVE-2019-8551 page https://www.suse.com/security/cve/CVE-2019-8595/ SUSE CVE CVE-2019-8595 page https://www.suse.com/security/cve/CVE-2019-8625/ SUSE CVE CVE-2019-8625 page https://www.suse.com/security/cve/CVE-2019-8644/ SUSE CVE CVE-2019-8644 page https://www.suse.com/security/cve/CVE-2019-8666/ SUSE CVE CVE-2019-8666 page https://www.suse.com/security/cve/CVE-2019-8669/ SUSE CVE CVE-2019-8669 page https://www.suse.com/security/cve/CVE-2019-8671/ SUSE CVE CVE-2019-8671 page https://www.suse.com/security/cve/CVE-2019-8681/ SUSE CVE CVE-2019-8681 page https://www.suse.com/security/cve/CVE-2019-8684/ SUSE CVE CVE-2019-8684 page https://www.suse.com/security/cve/CVE-2019-8686/ SUSE CVE CVE-2019-8686 page https://www.suse.com/security/cve/CVE-2019-8719/ SUSE CVE CVE-2019-8719 page https://www.suse.com/security/cve/CVE-2019-8726/ SUSE CVE CVE-2019-8726 page https://www.suse.com/security/cve/CVE-2019-8766/ SUSE CVE CVE-2019-8766 page https://www.suse.com/security/cve/CVE-2019-8768/ SUSE CVE CVE-2019-8768 page https://www.suse.com/security/cve/CVE-2019-8771/ SUSE CVE CVE-2019-8771 page https://www.suse.com/security/cve/CVE-2019-8783/ SUSE CVE CVE-2019-8783 page https://www.suse.com/security/cve/CVE-2019-8812/ SUSE CVE CVE-2019-8812 page https://www.suse.com/security/cve/CVE-2019-8816/ SUSE CVE CVE-2019-8816 page https://www.suse.com/security/cve/CVE-2019-8821/ SUSE CVE CVE-2019-8821 page https://www.suse.com/security/cve/CVE-2019-8835/ SUSE CVE CVE-2019-8835 page https://www.suse.com/security/cve/CVE-2020-10018/ SUSE CVE CVE-2020-10018 page https://www.suse.com/security/cve/CVE-2020-11793/ SUSE CVE CVE-2020-11793 page https://www.suse.com/security/cve/CVE-2020-13558/ SUSE CVE CVE-2020-13558 page https://www.suse.com/security/cve/CVE-2020-13584/ SUSE CVE CVE-2020-13584 page https://www.suse.com/security/cve/CVE-2020-13753/ SUSE CVE CVE-2020-13753 page https://www.suse.com/security/cve/CVE-2020-27918/ SUSE CVE CVE-2020-27918 page https://www.suse.com/security/cve/CVE-2020-3862/ SUSE CVE CVE-2020-3862 page https://www.suse.com/security/cve/CVE-2020-3867/ SUSE CVE CVE-2020-3867 page https://www.suse.com/security/cve/CVE-2020-3895/ SUSE CVE CVE-2020-3895 page https://www.suse.com/security/cve/CVE-2020-3899/ SUSE CVE CVE-2020-3899 page https://www.suse.com/security/cve/CVE-2020-3902/ SUSE CVE CVE-2020-3902 page https://www.suse.com/security/cve/CVE-2020-9802/ SUSE CVE CVE-2020-9802 page https://www.suse.com/security/cve/CVE-2020-9806/ SUSE CVE CVE-2020-9806 page https://www.suse.com/security/cve/CVE-2020-9862/ SUSE CVE CVE-2020-9862 page https://www.suse.com/security/cve/CVE-2020-9895/ SUSE CVE CVE-2020-9895 page https://www.suse.com/security/cve/CVE-2020-9947/ SUSE CVE CVE-2020-9947 page https://www.suse.com/security/cve/CVE-2021-1788/ SUSE CVE CVE-2021-1788 page https://www.suse.com/security/cve/CVE-2021-1789/ SUSE CVE CVE-2021-1789 page https://www.suse.com/security/cve/CVE-2021-1817/ SUSE CVE CVE-2021-1817 page https://www.suse.com/security/cve/CVE-2021-21775/ SUSE CVE CVE-2021-21775 page https://www.suse.com/security/cve/CVE-2021-21806/ SUSE CVE CVE-2021-21806 page https://www.suse.com/security/cve/CVE-2021-30661/ SUSE CVE CVE-2021-30661 page https://www.suse.com/security/cve/CVE-2021-30665/ SUSE CVE CVE-2021-30665 page https://www.suse.com/security/cve/CVE-2021-30666/ SUSE CVE CVE-2021-30666 page https://www.suse.com/security/cve/CVE-2021-30682/ SUSE CVE CVE-2021-30682 page https://www.suse.com/security/cve/CVE-2021-30744/ SUSE CVE CVE-2021-30744 page https://www.suse.com/security/cve/CVE-2021-30758/ SUSE CVE CVE-2021-30758 page https://www.suse.com/security/cve/CVE-2021-30799/ SUSE CVE CVE-2021-30799 page https://www.suse.com/security/cve/CVE-2021-30858/ SUSE CVE CVE-2021-30858 page openSUSE Tumbleweed libjavascriptcoregtk-4_0-18-2.32.4-1.1 libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 libwebkit2gtk-4_0-37-2.32.4-1.1 libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 libwebkit2gtk3-lang-2.32.4-1.1 typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 typelib-1_0-WebKit2-4_0-2.32.4-1.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 webkit-jsc-4-2.32.4-1.1 webkit2gtk-4_0-injected-bundles-2.32.4-1.1 webkit2gtk3-devel-2.32.4-1.1 webkit2gtk3-minibrowser-2.32.4-1.1 libjavascriptcoregtk-4_0-18-2.32.4-1.1 as a component of openSUSE Tumbleweed libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 as a component of openSUSE Tumbleweed libwebkit2gtk-4_0-37-2.32.4-1.1 as a component of openSUSE Tumbleweed libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 as a component of openSUSE Tumbleweed libwebkit2gtk3-lang-2.32.4-1.1 as a component of openSUSE Tumbleweed typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 as a component of openSUSE Tumbleweed typelib-1_0-WebKit2-4_0-2.32.4-1.1 as a component of openSUSE Tumbleweed typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 as a component of openSUSE Tumbleweed webkit-jsc-4-2.32.4-1.1 as a component of openSUSE Tumbleweed webkit2gtk-4_0-injected-bundles-2.32.4-1.1 as a component of openSUSE Tumbleweed webkit2gtk3-devel-2.32.4-1.1 as a component of openSUSE Tumbleweed webkit2gtk3-minibrowser-2.32.4-1.1 as a component of openSUSE Tumbleweed An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2016-4692 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4692.html CVE-2016-4692 https://bugzilla.suse.com/1020950 SUSE Bug 1020950 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2016-4743 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-4743.html CVE-2016-4743 https://bugzilla.suse.com/1020950 SUSE Bug 1020950 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2016-7589 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7589.html CVE-2016-7589 https://bugzilla.suse.com/1020950 SUSE Bug 1020950 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. CVE-2016-7598 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7598.html CVE-2016-7598 https://bugzilla.suse.com/1020950 SUSE Bug 1020950 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2016-7641 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7641.html CVE-2016-7641 https://bugzilla.suse.com/1020950 SUSE Bug 1020950 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2016-7654 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7654.html CVE-2016-7654 https://bugzilla.suse.com/1020950 SUSE Bug 1020950 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2016-7656 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7656.html CVE-2016-7656 https://bugzilla.suse.com/1020950 SUSE Bug 1020950 The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products. CVE-2017-1000121 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-1000121.html CVE-2017-1000121 https://bugzilla.suse.com/1078996 SUSE Bug 1078996 An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-13798 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-13798.html CVE-2017-13798 https://bugzilla.suse.com/1069925 SUSE Bug 1069925 An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-13803 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-13803.html CVE-2017-13803 https://bugzilla.suse.com/1069925 SUSE Bug 1069925 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-13866 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-13866.html CVE-2017-13866 https://bugzilla.suse.com/1073654 SUSE Bug 1073654 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-13884 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-13884.html CVE-2017-13884 https://bugzilla.suse.com/1075775 SUSE Bug 1075775 https://bugzilla.suse.com/1077535 SUSE Bug 1077535 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. CVE-2017-2350 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-2350.html CVE-2017-2350 https://bugzilla.suse.com/1024749 SUSE Bug 1024749 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. CVE-2017-2365 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-2365.html CVE-2017-2365 https://bugzilla.suse.com/1024749 SUSE Bug 1024749 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site. CVE-2017-2371 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-2371.html CVE-2017-2371 https://bugzilla.suse.com/1024749 SUSE Bug 1024749 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-2373 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-2373.html CVE-2017-2373 https://bugzilla.suse.com/1024749 SUSE Bug 1024749 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-2496 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-2496.html CVE-2017-2496 https://bugzilla.suse.com/1050469 SUSE Bug 1050469 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. CVE-2017-2510 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-2510.html CVE-2017-2510 https://bugzilla.suse.com/1050469 SUSE Bug 1050469 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-2538 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-2538.html CVE-2017-2538 https://bugzilla.suse.com/1045460 SUSE Bug 1045460 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVE-2017-5753 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 important 4.9 AV:L/AC:L/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5753.html CVE-2017-5753 https://bugzilla.suse.com/1068032 SUSE Bug 1068032 https://bugzilla.suse.com/1074562 SUSE Bug 1074562 https://bugzilla.suse.com/1074578 SUSE Bug 1074578 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1075006 SUSE Bug 1075006 https://bugzilla.suse.com/1075419 SUSE Bug 1075419 https://bugzilla.suse.com/1075748 SUSE Bug 1075748 https://bugzilla.suse.com/1080039 SUSE Bug 1080039 https://bugzilla.suse.com/1087084 SUSE Bug 1087084 https://bugzilla.suse.com/1087939 SUSE Bug 1087939 https://bugzilla.suse.com/1089055 SUSE Bug 1089055 https://bugzilla.suse.com/1136865 SUSE Bug 1136865 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 https://bugzilla.suse.com/1209547 SUSE Bug 1209547 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters. CVE-2017-7006 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7006.html CVE-2017-7006 https://bugzilla.suse.com/1050469 SUSE Bug 1050469 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit Page Loading" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7019 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7019.html CVE-2017-7019 https://bugzilla.suse.com/1050469 SUSE Bug 1050469 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7020 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7020.html CVE-2017-7020 https://bugzilla.suse.com/1050469 SUSE Bug 1050469 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7030 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7030.html CVE-2017-7030 https://bugzilla.suse.com/1050469 SUSE Bug 1050469 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7039 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7039.html CVE-2017-7039 https://bugzilla.suse.com/1050469 SUSE Bug 1050469 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7043 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7043.html CVE-2017-7043 https://bugzilla.suse.com/1050469 SUSE Bug 1050469 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7046 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7046.html CVE-2017-7046 https://bugzilla.suse.com/1050469 SUSE Bug 1050469 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7052 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7052.html CVE-2017-7052 https://bugzilla.suse.com/1050469 SUSE Bug 1050469 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7056 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7056.html CVE-2017-7056 https://bugzilla.suse.com/1050469 SUSE Bug 1050469 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7081 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7081.html CVE-2017-7081 https://bugzilla.suse.com/1066892 SUSE Bug 1066892 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. CVE-2017-7089 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7089.html CVE-2017-7089 https://bugzilla.suse.com/1066892 SUSE Bug 1066892 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7093 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7093.html CVE-2017-7093 https://bugzilla.suse.com/1066892 SUSE Bug 1066892 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7098 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7098.html CVE-2017-7098 https://bugzilla.suse.com/1066892 SUSE Bug 1066892 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7104 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7104.html CVE-2017-7104 https://bugzilla.suse.com/1066892 SUSE Bug 1066892 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7117 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7117.html CVE-2017-7117 https://bugzilla.suse.com/1066892 SUSE Bug 1066892 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7156 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7156.html CVE-2017-7156 https://bugzilla.suse.com/1073654 SUSE Bug 1073654 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7157 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7157.html CVE-2017-7157 https://bugzilla.suse.com/1073654 SUSE Bug 1073654 An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection. CVE-2017-7161 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7161.html CVE-2017-7161 https://bugzilla.suse.com/1075775 SUSE Bug 1075775 https://bugzilla.suse.com/1077535 SUSE Bug 1077535 webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. CVE-2018-11646 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-11646.html CVE-2018-11646 https://bugzilla.suse.com/1095611 SUSE Bug 1095611 https://bugzilla.suse.com/1097693 SUSE Bug 1097693 WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. CVE-2018-12911 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12911.html CVE-2018-12911 https://bugzilla.suse.com/1101999 SUSE Bug 1101999 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2018-4088 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4088.html CVE-2018-4088 https://bugzilla.suse.com/1075775 SUSE Bug 1075775 https://bugzilla.suse.com/1077535 SUSE Bug 1077535 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2018-4101 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4101.html CVE-2018-4101 https://bugzilla.suse.com/1088182 SUSE Bug 1088182 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. CVE-2018-4117 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4117.html CVE-2018-4117 https://bugzilla.suse.com/1088182 SUSE Bug 1088182 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2018-4120 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4120.html CVE-2018-4120 https://bugzilla.suse.com/1088182 SUSE Bug 1088182 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2018-4127 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4127.html CVE-2018-4127 https://bugzilla.suse.com/1088182 SUSE Bug 1088182 An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL. CVE-2018-4133 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4133.html CVE-2018-4133 https://bugzilla.suse.com/1088182 SUSE Bug 1088182 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2018-4162 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4162.html CVE-2018-4162 https://bugzilla.suse.com/1088182 SUSE Bug 1088182 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. CVE-2018-4190 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4190.html CVE-2018-4190 https://bugzilla.suse.com/1097693 SUSE Bug 1097693 A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. CVE-2018-4191 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4191.html CVE-2018-4191 https://bugzilla.suse.com/1110279 SUSE Bug 1110279 An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free. CVE-2018-4200 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4200.html CVE-2018-4200 https://bugzilla.suse.com/1092280 SUSE Bug 1092280 An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2018-4204 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4204.html CVE-2018-4204 https://bugzilla.suse.com/1092279 SUSE Bug 1092279 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. CVE-2018-4207 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4207.html CVE-2018-4207 https://bugzilla.suse.com/1110279 SUSE Bug 1110279 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. CVE-2018-4212 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4212.html CVE-2018-4212 https://bugzilla.suse.com/1110279 SUSE Bug 1110279 An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. CVE-2018-4222 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4222.html CVE-2018-4222 https://bugzilla.suse.com/1097693 SUSE Bug 1097693 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4261 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4261.html CVE-2018-4261 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4264 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4264.html CVE-2018-4264 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4270 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4270.html CVE-2018-4270 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. CVE-2018-4284 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4284.html CVE-2018-4284 https://bugzilla.suse.com/1104169 SUSE Bug 1104169 A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. CVE-2018-4306 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4306.html CVE-2018-4306 https://bugzilla.suse.com/1110279 SUSE Bug 1110279 A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. CVE-2018-4315 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4315.html CVE-2018-4315 https://bugzilla.suse.com/1110279 SUSE Bug 1110279 A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. CVE-2018-4319 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4319.html CVE-2018-4319 https://bugzilla.suse.com/1110279 SUSE Bug 1110279 A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. CVE-2018-4345 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4345.html CVE-2018-4345 https://bugzilla.suse.com/1116998 SUSE Bug 1116998 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. CVE-2018-4359 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4359.html CVE-2018-4359 https://bugzilla.suse.com/1110279 SUSE Bug 1110279 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. CVE-2018-4372 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4372.html CVE-2018-4372 https://bugzilla.suse.com/1116998 SUSE Bug 1116998 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. CVE-2018-4375 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4375.html CVE-2018-4375 https://bugzilla.suse.com/1116998 SUSE Bug 1116998 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. CVE-2018-4382 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4382.html CVE-2018-4382 https://bugzilla.suse.com/1116998 SUSE Bug 1116998 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. CVE-2018-4437 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4437.html CVE-2018-4437 https://bugzilla.suse.com/1119553 SUSE Bug 1119553 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. CVE-2018-4441 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4441.html CVE-2018-4441 https://bugzilla.suse.com/1119555 SUSE Bug 1119555 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. CVE-2018-4443 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4443.html CVE-2018-4443 https://bugzilla.suse.com/1119557 SUSE Bug 1119557 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-6212 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-6212.html CVE-2019-6212 https://bugzilla.suse.com/1124937 SUSE Bug 1124937 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-6216 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-6216.html CVE-2019-6216 https://bugzilla.suse.com/1124937 SUSE Bug 1124937 A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting. CVE-2019-6229 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-6229.html CVE-2019-6229 https://bugzilla.suse.com/1124937 SUSE Bug 1124937 WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. CVE-2019-6251 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-6251.html CVE-2019-6251 https://bugzilla.suse.com/1121894 SUSE Bug 1121894 https://bugzilla.suse.com/1132256 SUSE Bug 1132256 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-7285 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7285.html CVE-2019-7285 https://bugzilla.suse.com/1132256 SUSE Bug 1132256 The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany). CVE-2019-8375 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8375.html CVE-2019-8375 https://bugzilla.suse.com/1126768 SUSE Bug 1126768 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8518 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8518.html CVE-2019-8518 https://bugzilla.suse.com/1132256 SUSE Bug 1132256 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8524 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8524.html CVE-2019-8524 https://bugzilla.suse.com/1132256 SUSE Bug 1132256 A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting. CVE-2019-8551 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8551.html CVE-2019-8551 https://bugzilla.suse.com/1132256 SUSE Bug 1132256 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8595 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8595.html CVE-2019-8595 https://bugzilla.suse.com/1135715 SUSE Bug 1135715 A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. CVE-2019-8625 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8625.html CVE-2019-8625 https://bugzilla.suse.com/1155321 SUSE Bug 1155321 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8644 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8644.html CVE-2019-8644 https://bugzilla.suse.com/1148931 SUSE Bug 1148931 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8666 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8666.html CVE-2019-8666 https://bugzilla.suse.com/1148931 SUSE Bug 1148931 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8669 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8669.html CVE-2019-8669 https://bugzilla.suse.com/1148931 SUSE Bug 1148931 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8671 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8671.html CVE-2019-8671 https://bugzilla.suse.com/1148931 SUSE Bug 1148931 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8681 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8681.html CVE-2019-8681 https://bugzilla.suse.com/1148931 SUSE Bug 1148931 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8684 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8684.html CVE-2019-8684 https://bugzilla.suse.com/1148931 SUSE Bug 1148931 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8686 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8686.html CVE-2019-8686 https://bugzilla.suse.com/1148931 SUSE Bug 1148931 A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. CVE-2019-8719 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8719.html CVE-2019-8719 https://bugzilla.suse.com/1155321 SUSE Bug 1155321 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8726 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8726.html CVE-2019-8726 https://bugzilla.suse.com/1155321 SUSE Bug 1155321 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8766 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8766.html CVE-2019-8766 https://bugzilla.suse.com/1156318 SUSE Bug 1156318 "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. CVE-2019-8768 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8768.html CVE-2019-8768 https://bugzilla.suse.com/1155321 SUSE Bug 1155321 This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. CVE-2019-8771 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8771.html CVE-2019-8771 https://bugzilla.suse.com/1155321 SUSE Bug 1155321 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8783 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8783.html CVE-2019-8783 https://bugzilla.suse.com/1156318 SUSE Bug 1156318 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8812 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8812.html CVE-2019-8812 https://bugzilla.suse.com/1156318 SUSE Bug 1156318 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8816 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8816.html CVE-2019-8816 https://bugzilla.suse.com/1156318 SUSE Bug 1156318 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8821 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8821.html CVE-2019-8821 https://bugzilla.suse.com/1156318 SUSE Bug 1156318 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8835 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8835.html CVE-2019-8835 https://bugzilla.suse.com/1161719 SUSE Bug 1161719 WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. CVE-2020-10018 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-10018.html CVE-2020-10018 https://bugzilla.suse.com/1165528 SUSE Bug 1165528 A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). CVE-2020-11793 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-11793.html CVE-2020-11793 https://bugzilla.suse.com/1169658 SUSE Bug 1169658 A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. CVE-2020-13558 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13558.html CVE-2020-13558 https://bugzilla.suse.com/1182286 SUSE Bug 1182286 An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. CVE-2020-13584 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13584.html CVE-2020-13584 https://bugzilla.suse.com/1179122 SUSE Bug 1179122 https://bugzilla.suse.com/1179910 SUSE Bug 1179910 https://bugzilla.suse.com/1179911 SUSE Bug 1179911 https://bugzilla.suse.com/1179912 SUSE Bug 1179912 The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. CVE-2020-13753 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-13753.html CVE-2020-13753 https://bugzilla.suse.com/1173998 SUSE Bug 1173998 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-27918 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-27918.html CVE-2020-27918 https://bugzilla.suse.com/1184262 SUSE Bug 1184262 A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. CVE-2020-3862 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-3862.html CVE-2020-3862 https://bugzilla.suse.com/1163809 SUSE Bug 1163809 A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. CVE-2020-3867 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-3867.html CVE-2020-3867 https://bugzilla.suse.com/1163809 SUSE Bug 1163809 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3895 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-3895.html CVE-2020-3895 https://bugzilla.suse.com/1170643 SUSE Bug 1170643 A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. CVE-2020-3899 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-3899.html CVE-2020-3899 https://bugzilla.suse.com/1170643 SUSE Bug 1170643 An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. CVE-2020-3902 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-3902.html CVE-2020-3902 https://bugzilla.suse.com/1170643 SUSE Bug 1170643 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9802 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-9802.html CVE-2020-9802 https://bugzilla.suse.com/1173998 SUSE Bug 1173998 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9806 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-9806.html CVE-2020-9806 https://bugzilla.suse.com/1173998 SUSE Bug 1173998 A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. CVE-2020-9862 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-9862.html CVE-2020-9862 https://bugzilla.suse.com/1174662 SUSE Bug 1174662 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. CVE-2020-9895 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-9895.html CVE-2020-9895 https://bugzilla.suse.com/1174662 SUSE Bug 1174662 A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9947 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-9947.html CVE-2020-9947 https://bugzilla.suse.com/1184262 SUSE Bug 1184262 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-1788 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-1788.html CVE-2021-1788 https://bugzilla.suse.com/1184155 SUSE Bug 1184155 A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-1789 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-1789.html CVE-2021-1789 https://bugzilla.suse.com/1184262 SUSE Bug 1184262 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-1817 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-1817.html CVE-2021-1817 https://bugzilla.suse.com/1188697 SUSE Bug 1188697 A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. CVE-2021-21775 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21775.html CVE-2021-21775 https://bugzilla.suse.com/1188697 SUSE Bug 1188697 An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. CVE-2021-21806 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21806.html CVE-2021-21806 https://bugzilla.suse.com/1188294 SUSE Bug 1188294 https://bugzilla.suse.com/1188697 SUSE Bug 1188697 A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. CVE-2021-30661 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30661.html CVE-2021-30661 https://bugzilla.suse.com/1188697 SUSE Bug 1188697 A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. CVE-2021-30665 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30665.html CVE-2021-30665 https://bugzilla.suse.com/1188697 SUSE Bug 1188697 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. CVE-2021-30666 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30666.html CVE-2021-30666 https://bugzilla.suse.com/1188697 SUSE Bug 1188697 A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. CVE-2021-30682 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30682.html CVE-2021-30682 https://bugzilla.suse.com/1188697 SUSE Bug 1188697 Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. CVE-2021-30744 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30744.html CVE-2021-30744 https://bugzilla.suse.com/1188697 SUSE Bug 1188697 A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30758 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30758.html CVE-2021-30758 https://bugzilla.suse.com/1188697 SUSE Bug 1188697 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30799 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30799.html CVE-2021-30799 https://bugzilla.suse.com/1188697 SUSE Bug 1188697 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30858 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.32.4-1.1 openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.32.4-1.1 openSUSE Tumbleweed:libwebkit2gtk3-lang-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.32.4-1.1 openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.32.4-1.1 openSUSE Tumbleweed:webkit-jsc-4-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-devel-2.32.4-1.1 openSUSE Tumbleweed:webkit2gtk3-minibrowser-2.32.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30858.html CVE-2021-30858 https://bugzilla.suse.com/1190701 SUSE Bug 1190701 https://bugzilla.suse.com/1191298 SUSE Bug 1191298 https://bugzilla.suse.com/1191301 SUSE Bug 1191301