Bug 923223 - (CVE-2015-1083) VUL-0: Various WebKit security issues.
(CVE-2015-1083)
VUL-0: Various WebKit security issues.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Federico Mena Quintero
Security Team bot
https://smash.suse.de/issue/114920/
CVSSv2:NVD:CVE-2015-1075:6.8:(AV:N/AC...
:
Depends on: 1069669
Blocks:
  Show dependency treegraph
 
Reported: 2015-03-19 15:44 UTC by Marcus Meissner
Modified: 2021-09-01 11:55 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-03-19 15:44:16 UTC
Apple has announced a new Safari / Webkit release which fixes a lot of CVEs.

APPLE-SA-2015-03-17-1

http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html


APPLE-SA-2015-03-17-1  Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4

Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 are now available and
address the following:

WebKit
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-1068 : Apple
CVE-2015-1069 : Apple
CVE-2015-1070 : Apple
CVE-2015-1071 : Apple
CVE-2015-1072
CVE-2015-1073 : Apple
CVE-2015-1074 : Apple
CVE-2015-1075 : Google Chrome Security team
CVE-2015-1076
CVE-2015-1077 : Apple
CVE-2015-1078 : Apple
CVE-2015-1079 : Apple
CVE-2015-1080 : Apple
CVE-2015-1081 : Apple
CVE-2015-1082 : Apple
CVE-2015-1083 : Apple

WebKit
Impact:  Inconsistent user interface may prevent users from
discerning a phishing attack
Description:  A user interface inconsistency existed in Safari that
allowed an attacker to misrepresent the URL. This issue was addressed
through improved user interface consistency checks.
CVE-ID
CVE-2015-1084 : Apple
Comment 1 Swamp Workflow Management 2015-03-19 23:00:32 UTC
bugbot adjusting priority
Comment 4 Marcus Meissner 2021-09-01 11:55:43 UTC
likely fixed where needed and possible, addressed in other bugs