Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.4
- CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701)
- CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP2
libjavascriptcoregtk-4_0-18-2.32.4-12.3
libwebkit2gtk-4_0-37-2.32.4-12.3
libwebkit2gtk3-lang-2.32.4-12.3
webkit2gtk-4_0-injected-bundles-2.32.4-12.3
SUSE Linux Enterprise Module for Basesystem 15 SP3
libjavascriptcoregtk-4_0-18-2.32.4-12.3
libwebkit2gtk-4_0-37-2.32.4-12.3
libwebkit2gtk3-lang-2.32.4-12.3
webkit2gtk-4_0-injected-bundles-2.32.4-12.3
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
typelib-1_0-JavaScriptCore-4_0-2.32.4-12.3
typelib-1_0-WebKit2-4_0-2.32.4-12.3
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-12.3
webkit2gtk3-devel-2.32.4-12.3
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
typelib-1_0-JavaScriptCore-4_0-2.32.4-12.3
typelib-1_0-WebKit2-4_0-2.32.4-12.3
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-12.3
webkit2gtk3-devel-2.32.4-12.3
Ссылки
- Link for SUSE-SU-2021:3353-1
- E-Mail link for SUSE-SU-2021:3353-1
- SUSE Security Ratings
- SUSE Bug 1188697
- SUSE Bug 1190701
- SUSE CVE CVE-2021-21806 page
- SUSE CVE CVE-2021-30858 page
Описание
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP2:libjavascriptcoregtk-4_0-18-2.32.4-12.3
SUSE Linux Enterprise Module for Basesystem 15 SP2:libwebkit2gtk-4_0-37-2.32.4-12.3
SUSE Linux Enterprise Module for Basesystem 15 SP2:libwebkit2gtk3-lang-2.32.4-12.3
SUSE Linux Enterprise Module for Basesystem 15 SP2:webkit2gtk-4_0-injected-bundles-2.32.4-12.3
Ссылки
- CVE-2021-21806
- SUSE Bug 1188294
- SUSE Bug 1188697
Описание
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP2:libjavascriptcoregtk-4_0-18-2.32.4-12.3
SUSE Linux Enterprise Module for Basesystem 15 SP2:libwebkit2gtk-4_0-37-2.32.4-12.3
SUSE Linux Enterprise Module for Basesystem 15 SP2:libwebkit2gtk3-lang-2.32.4-12.3
SUSE Linux Enterprise Module for Basesystem 15 SP2:webkit2gtk-4_0-injected-bundles-2.32.4-12.3
Ссылки
- CVE-2021-30858
- SUSE Bug 1190701
- SUSE Bug 1191298
- SUSE Bug 1191301