Bug 909707 - VUL-0: webkit: tracker-bug for multiple CVEs
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
CVSSv2:NVD:CVE-2014-4474:6.8:(AV:N/AC...
Reported: 2014-12-12 13:39 UTC by Alexander Bergmann
Modified: 2019-12-10 09:33 UTC (History)

Description Alexander Bergmann 2014-12-12 13:39:13 UTC
Are these CVEs relevant for our webkit versions?

http://support.apple.com/en-us/HT6596

This document describes the security content of 
Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1.

WebKit

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1

Impact: Style sheets are loaded cross-origin which may allow for data exfiltration

Description: An SVG loaded in an img element could load a CSS file cross-origin. This issue was addressed through enhanced blocking of external CSS references in SVGs.

    CVE-ID

    CVE-2014-4465 : Rennie deGraaf of iSEC Partners

WebKit

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: A UI spoofing issue existed in the handling of scrollbar boundaries. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2014-1748 : Jordan Milne

WebKit

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2014-4452

    CVE-2014-4459

    CVE-2014-4466 : Apple

    CVE-2014-4468 : Apple

    CVE-2014-4469 : Apple

    CVE-2014-4470 : Apple

    CVE-2014-4471 : Apple

    CVE-2014-4472 : Apple

    CVE-2014-4473 : Apple

    CVE-2014-4474 : Apple

    CVE-2014-4475 : Apple
Comment 1 Swamp Workflow Management 2014-12-12 23:00:13 UTC
bugbot adjusting priority
Comment 2 Scott Reeves 2018-08-17 21:28:56 UTC
Tumbleweed, SLE15, SLE12, Leap 15, Leap 42.3 all have been updated to versions past these CVEs, so this is fixed.
Comment 3 Marcus Meissner 2019-10-18 18:41:23 UTC
released in the meantime