Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.0 (bsc#1184155):
- Fix the authentication request port when URL omits the port.
- Fix iframe scrolling when main frame is scrolled in async
- scrolling mode.
- Stop using g_memdup.
- Show a warning message when overriding signal handler for
- threading suspension.
- Fix the build on RISC-V with GCC 11.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871
- Update in version 2.30.6 (bsc#1184262):
- Update user agent quirks again for Google Docs and Google Drive.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.
- Update _constraints for armv6/armv7 (bsc#1182719)
- restore NPAPI plugin support which was removed in 2.32.0
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
Ссылки
- Link for SUSE-SU-2021:1430-1
- E-Mail link for SUSE-SU-2021:1430-1
- SUSE Security Ratings
- SUSE Bug 1182719
- SUSE Bug 1184155
- SUSE Bug 1184262
- SUSE CVE CVE-2020-27918 page
- SUSE CVE CVE-2020-29623 page
- SUSE CVE CVE-2021-1765 page
- SUSE CVE CVE-2021-1788 page
- SUSE CVE CVE-2021-1789 page
- SUSE CVE CVE-2021-1799 page
- SUSE CVE CVE-2021-1801 page
- SUSE CVE CVE-2021-1844 page
- SUSE CVE CVE-2021-1870 page
- SUSE CVE CVE-2021-1871 page
Описание
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2020-27918
- SUSE Bug 1184262
Описание
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.
Затронутые продукты
Ссылки
- CVE-2020-29623
- SUSE Bug 1184262
Описание
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.
Затронутые продукты
Ссылки
- CVE-2021-1765
- SUSE Bug 1184262
Описание
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2021-1788
- SUSE Bug 1184155
Описание
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2021-1789
- SUSE Bug 1184262
Описание
A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.
Затронутые продукты
Ссылки
- CVE-2021-1799
- SUSE Bug 1184262
Описание
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.
Затронутые продукты
Ссылки
- CVE-2021-1801
- SUSE Bug 1184262
Описание
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2021-1844
- SUSE Bug 1184155
Описание
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Затронутые продукты
Ссылки
- CVE-2021-1870
- SUSE Bug 1184262
Описание
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Затронутые продукты
Ссылки
- CVE-2021-1871
- SUSE Bug 1184155