SUSE-SU-2021:3603-1

Опубликовано: 03 нояб. 2021

Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937).

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP2

libjavascriptcoregtk-4_0-18-2.32.4-15.1

libwebkit2gtk-4_0-37-2.32.4-15.1

libwebkit2gtk3-lang-2.32.4-15.1

webkit2gtk-4_0-injected-bundles-2.32.4-15.1

SUSE Linux Enterprise Module for Basesystem 15 SP3

libjavascriptcoregtk-4_0-18-2.32.4-15.1

libwebkit2gtk-4_0-37-2.32.4-15.1

libwebkit2gtk3-lang-2.32.4-15.1

webkit2gtk-4_0-injected-bundles-2.32.4-15.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP2

typelib-1_0-JavaScriptCore-4_0-2.32.4-15.1

typelib-1_0-WebKit2-4_0-2.32.4-15.1

typelib-1_0-WebKit2WebExtension-4_0-2.32.4-15.1

webkit2gtk3-devel-2.32.4-15.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

typelib-1_0-JavaScriptCore-4_0-2.32.4-15.1

typelib-1_0-WebKit2-4_0-2.32.4-15.1

typelib-1_0-WebKit2WebExtension-4_0-2.32.4-15.1

webkit2gtk3-devel-2.32.4-15.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20213603-1/
Link for SUSE-SU-2021:3603-1
https://lists.suse.com/pipermail/sle-security-updates/2021-November/009691.html
E-Mail link for SUSE-SU-2021:3603-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1191937
SUSE Bug 1191937
https://www.suse.com/security/cve/CVE-2021-42762/
SUSE CVE CVE-2021-42762 page

Описание

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP2:libjavascriptcoregtk-4_0-18-2.32.4-15.1

SUSE Linux Enterprise Module for Basesystem 15 SP2:libwebkit2gtk-4_0-37-2.32.4-15.1

SUSE Linux Enterprise Module for Basesystem 15 SP2:libwebkit2gtk3-lang-2.32.4-15.1

SUSE Linux Enterprise Module for Basesystem 15 SP2:webkit2gtk-4_0-injected-bundles-2.32.4-15.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-42762.html
CVE-2021-42762
https://bugzilla.suse.com/1191937
SUSE Bug 1191937

SUSE-SU-2021:3603-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP2

SUSE Linux Enterprise Module for Basesystem 15 SP3

SUSE Linux Enterprise Module for Desktop Applications 15 SP2

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

Ссылки

Уязвимость: CVE-2021-42762

Описание

Затронутые продукты

Ссылки