Package epiphany updated to version 3.28.3.1-alt1 for branch sisyphus in task 208024.

Published: 2018-05-23
Modified: 2024-11-21

CVE-2018-11396

ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

openSUSE-SU-2019:2318
openSUSE-SU-2019:2318
https://bugzilla.gnome.org/show_bug.cgi?id=795740
https://bugzilla.gnome.org/show_bug.cgi?id=795740

Published: 2018-06-07
Modified: 2024-11-21

CVE-2018-12016

libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://github.com/ldpreload/Disclosure/blob/master/EpiphanyDoS.txt
https://github.com/ldpreload/Disclosure/blob/master/EpiphanyDoS.txt

Version: 2.1.0

Package epiphany update in sisyphus on 2018-06-08

ALT-PU-2018-1877-1

Closed vulnerabilities

CVE-2018-11396

CVE-2018-12016