SUSE: CVE-2019-8375: SUSE Linux Security Advisory
Description
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
Solution(s)
- suse-upgrade-libjavascriptcoregtk-4_0-18
- suse-upgrade-libjavascriptcoregtk-4_0-18-32bit
- suse-upgrade-libwebkit2gtk-4_0-37
- suse-upgrade-libwebkit2gtk-4_0-37-32bit
- suse-upgrade-libwebkit2gtk3-lang
- suse-upgrade-typelib-1_0-javascriptcore-4_0
- suse-upgrade-typelib-1_0-webkit2-4_0
- suse-upgrade-typelib-1_0-webkit2webextension-4_0
- suse-upgrade-webkit-jsc-4
- suse-upgrade-webkit2gtk-4_0-injected-bundles
- suse-upgrade-webkit2gtk3-devel
- suse-upgrade-webkit2gtk3-minibrowser
- suse-upgrade-webkit2gtk3-plugin-process-gtk2
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center