Bugzilla – Bug 1126768
VUL-0: CVE-2019-8375: webkit2gtk3: The UIProcess subsystem in WebKit does not prevent the script dialog size from exceeding the web view size
Last modified: 2019-10-18 18:36:07 UTC

CVE-2019-8375

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).

References:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8375
- https://trac.webkit.org/changeset/241515/webkit
- https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531
- https://bugs.webkit.org/show_bug.cgi?id=184875
- https://www.inputzero.io/2019/02/fuzzing-webkit.html

Both codestreams should be affected:
- SUSE:SLE-12-SP2:Update
- SUSE:SLE-15:Update

From [0]: We are missing some of the patched files and there is no official advisory from upstream yet. This issue was probably released ahead of time.

[0] https://trac.webkit.org/changeset/241515/webkit

Created attachment 797899

QA Reproducer

$ zypper in epiphany
$ epiphany ./webkit-js.html

-> loading page hangs

Factory now has 2.24.0, which has the fix.

SUSE-SU-2019:0890-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1126768
CVE References: CVE-2019-8375
Sources used:
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): webkit2gtk3-2.24.0-3.21.1
- SUSE Linux Enterprise Module for Desktop Applications 15 (src): webkit2gtk3-2.24.0-3.21.1
- SUSE Linux Enterprise Module for Basesystem 15 (src): webkit2gtk3-2.24.0-3.21.1

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2019:1206-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1126768
CVE References: CVE-2019-8375
Sources used:
- openSUSE Leap 15.0 (src): webkit2gtk3-2.24.0-lp150.2.16.1

SUSE-SU-2019:1030-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1126768
CVE References: CVE-2019-8375
Sources used:
- SUSE Linux Enterprise Workstation Extension 12-SP4 (src): webkit2gtk3-2.24.0-2.38.2
- SUSE Linux Enterprise Workstation Extension 12-SP3 (src): webkit2gtk3-2.24.0-2.38.2
- SUSE Linux Enterprise Software Development Kit 12-SP4 (src): webkit2gtk3-2.24.0-2.38.2
- SUSE Linux Enterprise Software Development Kit 12-SP3 (src): webkit2gtk3-2.24.0-2.38.2
- SUSE Linux Enterprise Server 12-SP4 (src): webkit2gtk3-2.24.0-2.38.2
- SUSE Linux Enterprise Server 12-SP3 (src): webkit2gtk3-2.24.0-2.38.2
- SUSE Linux Enterprise Desktop 12-SP4 (src): webkit2gtk3-2.24.0-2.38.2
- SUSE Linux Enterprise Desktop 12-SP3 (src): webkit2gtk3-2.24.0-2.38.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2019:1316-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1126768
CVE References: CVE-2019-8375
Sources used:
- openSUSE Leap 42.3 (src): webkit2gtk3-2.24.0-24.1

released