Bug 909707

Summary: VUL-0: webkit: tracker-bug for multiple CVEs
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium
CC: fcrozat, federico, sreeves
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv2:NVD:CVE-2014-4474:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2014-4475:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2014-4473:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2014-4466:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2014-4470:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2014-4472:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2014-4468:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2014-4465:5.0:(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVSSv2:NVD:CVE-2014-4469:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2014-4471:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) maint:planned:update
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2014-12-12 13:39:13 UTC
Are these CVEs relevant for our webkit versions?

http://support.apple.com/en-us/HT6596

This document describes the security content of Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1.

WebKit

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1

Impact: Style sheets are loaded cross-origin which may allow for data exfiltration

Description: An SVG loaded in an img element could load a CSS file cross-origin. This issue was addressed through enhanced blocking of external CSS references in SVGs.

    CVE-ID

    CVE-2014-4465 : Rennie deGraaf of iSEC Partners

WebKit

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: A UI spoofing issue existed in the handling of scrollbar boundaries. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1748 : Jordan Milne

WebKit

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2014-4452

    CVE-2014-4459

    CVE-2014-4466 : Apple

    CVE-2014-4468 : Apple

    CVE-2014-4469 : Apple

    CVE-2014-4470 : Apple

    CVE-2014-4471 : Apple

    CVE-2014-4472 : Apple

    CVE-2014-4473 : Apple

    CVE-2014-4474 : Apple

    CVE-2014-4475 : Apple
Comment 1 Swamp Workflow Management 2014-12-12 23:00:13 UTC
bugbot adjusting priority
Comment 2 Scott Reeves 2018-08-17 21:28:56 UTC
Tumbleweed, SLE15, SLE12, Leap 15, Leap 42.3 all have been updated to versions past these CVEs, so this is fixed.
Comment 3 Marcus Meissner 2019-10-18 18:41:23 UTC
released in the meantime