CVE-2009-2199

Upstream information

CVE-2009-2199 at MITRE

Description

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	5.8
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	Partial
Availability Impact	Partial

SUSE Bugzilla entry: 601349 [RESOLVED]

SUSE Security Advisories:

SUSE-SR:2011:002, published Tue, 25 Jan 2011 11:00:00 +0000
openSUSE-SU-2011:0024-1, published Wed, 12 Jan 2011 16:08:25 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.2	`libwebkit-1_0-2-debuginfo >= 1.2.6-0.5.1` `libwebkit-debugsource >= 1.2.6-0.5.1` `webkit-jsc-debuginfo >= 1.2.6-0.5.1`
openSUSE 11.2	`libwebkit-1_0-2 >= 1.2.6-0.5.1` `libwebkit-devel >= 1.2.6-0.5.1` `libwebkit-lang >= 1.2.6-0.5.1` `webkit-jsc >= 1.2.6-0.5.1`
openSUSE 11.3	`libwebkit-1_0-2-debuginfo >= 1.2.6-0.2.1` `libwebkit-1_0-2-debuginfo-32bit >= 1.2.6-0.2.1` `libwebkit-debugsource >= 1.2.6-0.2.1` `webkit-jsc-debuginfo >= 1.2.6-0.2.1`
openSUSE 11.3	`libwebkit-1_0-2 >= 1.2.6-0.2.1` `libwebkit-1_0-2-32bit >= 1.2.6-0.2.1` `libwebkit-devel >= 1.2.6-0.2.1` `libwebkit-lang >= 1.2.6-0.2.1` `webkit-jsc >= 1.2.6-0.2.1`