Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.4
- CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701)
- CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697)
Список пакетов
SUSE Enterprise Storage 6
libjavascriptcoregtk-4_0-18-2.32.4-3.82.1
libwebkit2gtk-4_0-37-2.32.4-3.82.1
libwebkit2gtk3-lang-2.32.4-3.82.1
typelib-1_0-JavaScriptCore-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-3.82.1
webkit2gtk-4_0-injected-bundles-2.32.4-3.82.1
webkit2gtk3-devel-2.32.4-3.82.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
libjavascriptcoregtk-4_0-18-2.32.4-3.82.1
libwebkit2gtk-4_0-37-2.32.4-3.82.1
libwebkit2gtk3-lang-2.32.4-3.82.1
typelib-1_0-JavaScriptCore-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-3.82.1
webkit2gtk-4_0-injected-bundles-2.32.4-3.82.1
webkit2gtk3-devel-2.32.4-3.82.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libjavascriptcoregtk-4_0-18-2.32.4-3.82.1
libwebkit2gtk-4_0-37-2.32.4-3.82.1
libwebkit2gtk3-lang-2.32.4-3.82.1
typelib-1_0-JavaScriptCore-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-3.82.1
webkit2gtk-4_0-injected-bundles-2.32.4-3.82.1
webkit2gtk3-devel-2.32.4-3.82.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libjavascriptcoregtk-4_0-18-2.32.4-3.82.1
libwebkit2gtk-4_0-37-2.32.4-3.82.1
libwebkit2gtk3-lang-2.32.4-3.82.1
typelib-1_0-JavaScriptCore-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-3.82.1
webkit2gtk-4_0-injected-bundles-2.32.4-3.82.1
webkit2gtk3-devel-2.32.4-3.82.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libjavascriptcoregtk-4_0-18-2.32.4-3.82.1
libwebkit2gtk-4_0-37-2.32.4-3.82.1
libwebkit2gtk3-lang-2.32.4-3.82.1
typelib-1_0-JavaScriptCore-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-3.82.1
webkit2gtk-4_0-injected-bundles-2.32.4-3.82.1
webkit2gtk3-devel-2.32.4-3.82.1
SUSE Linux Enterprise Server 15 SP1-BCL
libjavascriptcoregtk-4_0-18-2.32.4-3.82.1
libwebkit2gtk-4_0-37-2.32.4-3.82.1
libwebkit2gtk3-lang-2.32.4-3.82.1
typelib-1_0-JavaScriptCore-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-3.82.1
webkit2gtk-4_0-injected-bundles-2.32.4-3.82.1
webkit2gtk3-devel-2.32.4-3.82.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libjavascriptcoregtk-4_0-18-2.32.4-3.82.1
libwebkit2gtk-4_0-37-2.32.4-3.82.1
libwebkit2gtk3-lang-2.32.4-3.82.1
typelib-1_0-JavaScriptCore-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-3.82.1
webkit2gtk-4_0-injected-bundles-2.32.4-3.82.1
webkit2gtk3-devel-2.32.4-3.82.1
SUSE Linux Enterprise Server 15-LTSS
libjavascriptcoregtk-4_0-18-2.32.4-3.82.1
libwebkit2gtk-4_0-37-2.32.4-3.82.1
libwebkit2gtk3-lang-2.32.4-3.82.1
typelib-1_0-JavaScriptCore-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-3.82.1
webkit2gtk-4_0-injected-bundles-2.32.4-3.82.1
webkit2gtk3-devel-2.32.4-3.82.1
SUSE Linux Enterprise Server for SAP Applications 15
libjavascriptcoregtk-4_0-18-2.32.4-3.82.1
libwebkit2gtk-4_0-37-2.32.4-3.82.1
libwebkit2gtk3-lang-2.32.4-3.82.1
typelib-1_0-JavaScriptCore-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-3.82.1
webkit2gtk-4_0-injected-bundles-2.32.4-3.82.1
webkit2gtk3-devel-2.32.4-3.82.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libjavascriptcoregtk-4_0-18-2.32.4-3.82.1
libwebkit2gtk-4_0-37-2.32.4-3.82.1
libwebkit2gtk3-lang-2.32.4-3.82.1
typelib-1_0-JavaScriptCore-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2-4_0-2.32.4-3.82.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-3.82.1
webkit2gtk-4_0-injected-bundles-2.32.4-3.82.1
webkit2gtk3-devel-2.32.4-3.82.1
Ссылки
- Link for SUSE-SU-2021:3282-1
- E-Mail link for SUSE-SU-2021:3282-1
- SUSE Security Ratings
- SUSE Bug 1188697
- SUSE Bug 1190701
- SUSE CVE CVE-2021-21806 page
- SUSE CVE CVE-2021-30858 page
Описание
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.
Затронутые продукты
SUSE Enterprise Storage 6:libjavascriptcoregtk-4_0-18-2.32.4-3.82.1
SUSE Enterprise Storage 6:libwebkit2gtk-4_0-37-2.32.4-3.82.1
SUSE Enterprise Storage 6:libwebkit2gtk3-lang-2.32.4-3.82.1
SUSE Enterprise Storage 6:typelib-1_0-JavaScriptCore-4_0-2.32.4-3.82.1
Ссылки
- CVE-2021-21806
- SUSE Bug 1188294
- SUSE Bug 1188697
Описание
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Затронутые продукты
SUSE Enterprise Storage 6:libjavascriptcoregtk-4_0-18-2.32.4-3.82.1
SUSE Enterprise Storage 6:libwebkit2gtk-4_0-37-2.32.4-3.82.1
SUSE Enterprise Storage 6:libwebkit2gtk3-lang-2.32.4-3.82.1
SUSE Enterprise Storage 6:typelib-1_0-JavaScriptCore-4_0-2.32.4-3.82.1
Ссылки
- CVE-2021-30858
- SUSE Bug 1190701
- SUSE Bug 1191298
- SUSE Bug 1191301