Fedora 30 : webkit2gtk3 (2019-d9a15be3ba)

high Nessus Plugin ID 124544

Synopsis

The remote Fedora host is missing a security update.

Description

- Do not allow changes in active URI before provisional load starts for non-API requests.

- Stop the threaded compositor when the page is not visible or layer tree state is frozen.

- Use WebKit HTTP source element again for adaptive streaming fragments downloading.

- Properly handle empty resources in webkit_web_resource_get_data().

- Add quirk to ensure outlook.live.com uses the modern UI.

- Fix methods returning GObject or boxed types in JavaScriptCore GLib API.

- Ensure callback data is passed to functions and constructors with no parameters in JavaScriptCore GLib API.

- Fix rendering of complex text when the font uses x,y origins.

- Fix sound loop with Google Hangouts and WhatsApp notifications.

- Fix the build with GStreamer 1.12.5 and GST GL enabled.

- Detect SSE2 at compile time.

- Fix several crashes and rendering issues.

- Security fixes: CVE-2019-6251, CVE-2019-11070.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected webkit2gtk3 package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2019-d9a15be3ba

Plugin Details

Severity: High

ID: 124544

File Name: fedora_2019-d9a15be3ba.nasl

Version: 1.4

Type: local

Agent: unix

Published: 5/2/2019

Updated: 5/29/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2019-6251

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:webkit2gtk3, cpe:/o:fedoraproject:fedora:30

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/13/2019

Vulnerability Publication Date: 1/14/2019

Reference Information

CVE: CVE-2019-11070, CVE-2019-6251