Bug 1096060 - (CVE-2018-11713) VUL-0: CVE-2018-11713: webkit2gtk3: failed use of system proxy settings for WebSocket connections
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/207132/
CVSSv3:SUSE:CVE-2018-11713:5.3:(AV:N/...
Reported: 2018-06-05 14:58 UTC by Alexander Bergmann
Modified: 2019-10-18 18:47 UTC
Found By: Security Response Team
Description Alexander Bergmann 2018-06-05 14:58:45 UTC
CVE-2018-11713

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup
network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or
without libsoup 2.62.0, unexpectedly failed to use system proxy settings for
WebSocket connections. As a result, users could be deanonymized by crafted web
sites via a WebSocket connection.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11713
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11713.html
http://www.cvedetails.com/cve/CVE-2018-11713/
https://trac.webkit.org/changeset/228088/webkit
https://bugs.webkit.org/show_bug.cgi?id=126384
Comment 7 Swamp Workflow Management 2018-10-24 16:45:00 UTC
SUSE-SU-2018:3387-1: An update that fixes 40 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1075775,1077535,1079512,1088182,1088932,1092278,1092279,1092280,1095611,1096060,1096061,1097693,1101999,1102530,1104169
CVE References: CVE-2017-13884,CVE-2017-13885,CVE-2017-7153,CVE-2017-7160,CVE-2017-7161,CVE-2017-7165,CVE-2018-11646,CVE-2018-11712,CVE-2018-11713,CVE-2018-12911,CVE-2018-4088,CVE-2018-4096,CVE-2018-4101,CVE-2018-4113,CVE-2018-4114,CVE-2018-4117,CVE-2018-4118,CVE-2018-4119,CVE-2018-4120,CVE-2018-4121,CVE-2018-4122,CVE-2018-4125,CVE-2018-4127,CVE-2018-4128,CVE-2018-4129,CVE-2018-4133,CVE-2018-4146,CVE-2018-4161,CVE-2018-4162,CVE-2018-4163,CVE-2018-4165,CVE-2018-4190,CVE-2018-4199,CVE-2018-4200,CVE-2018-4204,CVE-2018-4218,CVE-2018-4222,CVE-2018-4232,CVE-2018-4233,CVE-2018-4246
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    webkit2gtk3-2.20.3-2.23.8
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    webkit2gtk3-2.20.3-2.23.8
SUSE Linux Enterprise Server 12-SP3 (src):    webkit2gtk3-2.20.3-2.23.8
SUSE Linux Enterprise Desktop 12-SP3 (src):    webkit2gtk3-2.20.3-2.23.8
Comment 8 Swamp Workflow Management 2018-10-25 22:13:35 UTC
openSUSE-SU-2018:3473-1: An update that fixes 40 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1075775,1077535,1079512,1088182,1088932,1092278,1092279,1092280,1095611,1096060,1096061,1097693,1101999,1102530,1104169
CVE References: CVE-2017-13884,CVE-2017-13885,CVE-2017-7153,CVE-2017-7160,CVE-2017-7161,CVE-2017-7165,CVE-2018-11646,CVE-2018-11712,CVE-2018-11713,CVE-2018-12911,CVE-2018-4088,CVE-2018-4096,CVE-2018-4101,CVE-2018-4113,CVE-2018-4114,CVE-2018-4117,CVE-2018-4118,CVE-2018-4119,CVE-2018-4120,CVE-2018-4121,CVE-2018-4122,CVE-2018-4125,CVE-2018-4127,CVE-2018-4128,CVE-2018-4129,CVE-2018-4133,CVE-2018-4146,CVE-2018-4161,CVE-2018-4162,CVE-2018-4163,CVE-2018-4165,CVE-2018-4190,CVE-2018-4199,CVE-2018-4200,CVE-2018-4204,CVE-2018-4218,CVE-2018-4222,CVE-2018-4232,CVE-2018-4233,CVE-2018-4246
Sources used:
openSUSE Leap 42.3 (src):    webkit2gtk3-2.20.3-11.1
Comment 9 Marcus Meissner 2019-10-18 18:47:47 UTC
released