Bug 1119558 - (CVE-2018-4464) VUL-0: CVE-2018-4464: webkit2gtk3: multiple memory corruption issues were addressed with improved memory handling (WSA-2018-0009)
(CVE-2018-4464)
VUL-0: CVE-2018-4464: webkit2gtk3: multiple memory corruption issues were add...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/215947
CVSSv3:SUSE:CVE-2018-4464:5.3:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-12-14 16:23 UTC by Alexander Bergmann
Modified: 2019-07-24 06:37 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-12-14 16:23:48 UTC
https://webkitgtk.org/security/WSA-2018-0009.html

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0009

Date Reported: December 13, 2018

CVE-2018-4464

- Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0.
- Credit to HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab,
  Korea.
- Processing maliciously crafted web content may lead to arbitrary code execution.
  Multiple memory corruption issues were addressed with improved memory handling.
Comment 5 Swamp Workflow Management 2019-01-15 16:55:33 UTC
SUSE-SU-2019:0092-1: An update that fixes 43 vulnerabilities is now available.

Category: security (important)
Bug References: 1110279,1116998,1119558
CVE References: CVE-2018-11713,CVE-2018-4162,CVE-2018-4163,CVE-2018-4165,CVE-2018-4191,CVE-2018-4197,CVE-2018-4207,CVE-2018-4208,CVE-2018-4209,CVE-2018-4210,CVE-2018-4212,CVE-2018-4213,CVE-2018-4299,CVE-2018-4306,CVE-2018-4309,CVE-2018-4312,CVE-2018-4314,CVE-2018-4315,CVE-2018-4316,CVE-2018-4317,CVE-2018-4318,CVE-2018-4319,CVE-2018-4323,CVE-2018-4328,CVE-2018-4345,CVE-2018-4358,CVE-2018-4359,CVE-2018-4361,CVE-2018-4372,CVE-2018-4373,CVE-2018-4375,CVE-2018-4376,CVE-2018-4378,CVE-2018-4382,CVE-2018-4386,CVE-2018-4392,CVE-2018-4416,CVE-2018-4437,CVE-2018-4438,CVE-2018-4441,CVE-2018-4442,CVE-2018-4443,CVE-2018-4464
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    webkit2gtk3-2.22.5-3.13.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    webkit2gtk3-2.22.5-3.13.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    webkit2gtk3-2.22.5-3.13.1
Comment 6 Swamp Workflow Management 2019-01-23 14:09:18 UTC
openSUSE-SU-2019:0081-1: An update that fixes 43 vulnerabilities is now available.

Category: security (important)
Bug References: 1110279,1116998,1119558
CVE References: CVE-2018-11713,CVE-2018-4162,CVE-2018-4163,CVE-2018-4165,CVE-2018-4191,CVE-2018-4197,CVE-2018-4207,CVE-2018-4208,CVE-2018-4209,CVE-2018-4210,CVE-2018-4212,CVE-2018-4213,CVE-2018-4299,CVE-2018-4306,CVE-2018-4309,CVE-2018-4312,CVE-2018-4314,CVE-2018-4315,CVE-2018-4316,CVE-2018-4317,CVE-2018-4318,CVE-2018-4319,CVE-2018-4323,CVE-2018-4328,CVE-2018-4345,CVE-2018-4358,CVE-2018-4359,CVE-2018-4361,CVE-2018-4372,CVE-2018-4373,CVE-2018-4375,CVE-2018-4376,CVE-2018-4378,CVE-2018-4382,CVE-2018-4386,CVE-2018-4392,CVE-2018-4416,CVE-2018-4437,CVE-2018-4438,CVE-2018-4441,CVE-2018-4442,CVE-2018-4443,CVE-2018-4464
Sources used:
openSUSE Leap 15.0 (src):    webkit2gtk3-2.22.5-lp150.2.9.1
Comment 7 Swamp Workflow Management 2019-01-23 20:11:24 UTC
SUSE-SU-2019:0146-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1119553,1119554,1119555,1119556,1119557,1119558
CVE References: CVE-2018-4437,CVE-2018-4438,CVE-2018-4441,CVE-2018-4442,CVE-2018-4443,CVE-2018-4464
Sources used:
SUSE OpenStack Cloud 7 (src):    webkit2gtk3-2.22.5-2.32.2
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    webkit2gtk3-2.22.5-2.32.2
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    webkit2gtk3-2.22.5-2.32.2
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    webkit2gtk3-2.22.5-2.32.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    webkit2gtk3-2.22.5-2.32.2
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    webkit2gtk3-2.22.5-2.32.2
SUSE Linux Enterprise Server 12-SP4 (src):    webkit2gtk3-2.22.5-2.32.2
SUSE Linux Enterprise Server 12-SP3 (src):    webkit2gtk3-2.22.5-2.32.2
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    webkit2gtk3-2.22.5-2.32.2
SUSE Linux Enterprise Server 12-SP2-BCL (src):    webkit2gtk3-2.22.5-2.32.2
SUSE Linux Enterprise Desktop 12-SP4 (src):    webkit2gtk3-2.22.5-2.32.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    webkit2gtk3-2.22.5-2.32.2
SUSE Enterprise Storage 4 (src):    webkit2gtk3-2.22.5-2.32.2
Comment 8 Swamp Workflow Management 2019-01-31 20:10:23 UTC
openSUSE-SU-2019:0108-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1119553,1119554,1119555,1119556,1119557,1119558
CVE References: CVE-2018-4437,CVE-2018-4438,CVE-2018-4441,CVE-2018-4442,CVE-2018-4443,CVE-2018-4464
Sources used:
openSUSE Leap 42.3 (src):    webkit2gtk3-2.22.5-18.1
Comment 9 Swamp Workflow Management 2019-02-26 20:15:41 UTC
SUSE-SU-2019:0497-1: An update that fixes 15 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1119553,1119554,1119555,1119556,1119557,1119558
CVE References: CVE-2018-4437,CVE-2018-4438,CVE-2018-4441,CVE-2018-4442,CVE-2018-4443,CVE-2018-4464,CVE-2019-6212,CVE-2019-6215,CVE-2019-6216,CVE-2019-6217,CVE-2019-6226,CVE-2019-6227,CVE-2019-6229,CVE-2019-6233,CVE-2019-6234
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    webkit2gtk3-2.22.6-3.18.2
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    webkit2gtk3-2.22.6-3.18.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    webkit2gtk3-2.22.6-3.18.2
Comment 10 Swamp Workflow Management 2019-03-08 14:15:19 UTC
openSUSE-SU-2019:0308-1: An update that fixes 15 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1119553,1119554,1119555,1119556,1119557,1119558,1124937
CVE References: CVE-2018-4437,CVE-2018-4438,CVE-2018-4441,CVE-2018-4442,CVE-2018-4443,CVE-2018-4464,CVE-2019-6212,CVE-2019-6215,CVE-2019-6216,CVE-2019-6217,CVE-2019-6226,CVE-2019-6227,CVE-2019-6229,CVE-2019-6233,CVE-2019-6234
Sources used:
openSUSE Leap 15.0 (src):    webkit2gtk3-2.22.6-lp150.2.12.1
Comment 11 Marcus Meissner 2019-07-24 06:37:38 UTC
released