Upstream information

CVE-2015-7002 at MITRE

Description

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.8
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 1082221 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 42.1
  • libjavascriptcoregtk-4_0-18 >= 2.10.7-7.1
  • libjavascriptcoregtk-4_0-18-32bit >= 2.10.7-7.1
  • libjavascriptcoregtk-4_0-18-debuginfo >= 2.10.7-7.1
  • libjavascriptcoregtk-4_0-18-debuginfo-32bit >= 2.10.7-7.1
  • libwebkit2gtk-4_0-37 >= 2.10.7-7.1
  • libwebkit2gtk-4_0-37-32bit >= 2.10.7-7.1
  • libwebkit2gtk-4_0-37-debuginfo >= 2.10.7-7.1
  • libwebkit2gtk-4_0-37-debuginfo-32bit >= 2.10.7-7.1
  • libwebkit2gtk3-lang >= 2.10.7-7.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.10.7-7.1
  • typelib-1_0-WebKit2-4_0 >= 2.10.7-7.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.10.7-7.1
  • webkit-jsc-4 >= 2.10.7-7.1
  • webkit-jsc-4-debuginfo >= 2.10.7-7.1
  • webkit2gtk-4_0-injected-bundles >= 2.10.7-7.1
  • webkit2gtk-4_0-injected-bundles-debuginfo >= 2.10.7-7.1
  • webkit2gtk3 >= 2.10.7-7.1
  • webkit2gtk3-debugsource >= 2.10.7-7.1
  • webkit2gtk3-devel >= 2.10.7-7.1
Patchnames:
openSUSE-2016-340