SUSE-SU-2021:3769-1

Опубликовано: 23 нояб. 2021

Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063).
CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063).
CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937).

Список пакетов

SUSE Enterprise Storage 6

libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

libwebkit2gtk-4_0-37-2.34.1-3.87.1

libwebkit2gtk3-lang-2.34.1-3.87.1

typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1

webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1

webkit2gtk3-devel-2.34.1-3.87.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

libwebkit2gtk-4_0-37-2.34.1-3.87.1

libwebkit2gtk3-lang-2.34.1-3.87.1

typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1

webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1

webkit2gtk3-devel-2.34.1-3.87.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

libwebkit2gtk-4_0-37-2.34.1-3.87.1

libwebkit2gtk3-lang-2.34.1-3.87.1

typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1

webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1

webkit2gtk3-devel-2.34.1-3.87.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

libwebkit2gtk-4_0-37-2.34.1-3.87.1

libwebkit2gtk3-lang-2.34.1-3.87.1

typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1

webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1

webkit2gtk3-devel-2.34.1-3.87.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

libwebkit2gtk-4_0-37-2.34.1-3.87.1

libwebkit2gtk3-lang-2.34.1-3.87.1

typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1

webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1

webkit2gtk3-devel-2.34.1-3.87.1

SUSE Linux Enterprise Server 15 SP1-BCL

libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

libwebkit2gtk-4_0-37-2.34.1-3.87.1

libwebkit2gtk3-lang-2.34.1-3.87.1

typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1

webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1

webkit2gtk3-devel-2.34.1-3.87.1

SUSE Linux Enterprise Server 15 SP1-LTSS

libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

libwebkit2gtk-4_0-37-2.34.1-3.87.1

libwebkit2gtk3-lang-2.34.1-3.87.1

typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1

webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1

webkit2gtk3-devel-2.34.1-3.87.1

SUSE Linux Enterprise Server 15-LTSS

libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

libwebkit2gtk-4_0-37-2.34.1-3.87.1

libwebkit2gtk3-lang-2.34.1-3.87.1

typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1

webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1

webkit2gtk3-devel-2.34.1-3.87.1

SUSE Linux Enterprise Server for SAP Applications 15

libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

libwebkit2gtk-4_0-37-2.34.1-3.87.1

libwebkit2gtk3-lang-2.34.1-3.87.1

typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1

webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1

webkit2gtk3-devel-2.34.1-3.87.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

libwebkit2gtk-4_0-37-2.34.1-3.87.1

libwebkit2gtk3-lang-2.34.1-3.87.1

typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2-4_0-2.34.1-3.87.1

typelib-1_0-WebKit2WebExtension-4_0-2.34.1-3.87.1

webkit2gtk-4_0-injected-bundles-2.34.1-3.87.1

webkit2gtk3-devel-2.34.1-3.87.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20213769-1/
Link for SUSE-SU-2021:3769-1
https://lists.suse.com/pipermail/sle-security-updates/2021-November/009770.html
E-Mail link for SUSE-SU-2021:3769-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1191937
SUSE Bug 1191937
https://bugzilla.suse.com/1192063
SUSE Bug 1192063
https://www.suse.com/security/cve/CVE-2021-30846/
SUSE CVE CVE-2021-30846 page
https://www.suse.com/security/cve/CVE-2021-30851/
SUSE CVE CVE-2021-30851 page
https://www.suse.com/security/cve/CVE-2021-42762/
SUSE CVE CVE-2021-42762 page

Описание

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

SUSE Enterprise Storage 6:libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

SUSE Enterprise Storage 6:libwebkit2gtk-4_0-37-2.34.1-3.87.1

SUSE Enterprise Storage 6:libwebkit2gtk3-lang-2.34.1-3.87.1

SUSE Enterprise Storage 6:typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-30846.html
CVE-2021-30846
https://bugzilla.suse.com/1192063
SUSE Bug 1192063

Описание

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution.

Затронутые продукты

SUSE Enterprise Storage 6:libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

SUSE Enterprise Storage 6:libwebkit2gtk-4_0-37-2.34.1-3.87.1

SUSE Enterprise Storage 6:libwebkit2gtk3-lang-2.34.1-3.87.1

SUSE Enterprise Storage 6:typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-30851.html
CVE-2021-30851
https://bugzilla.suse.com/1192063
SUSE Bug 1192063

Описание

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.

Затронутые продукты

SUSE Enterprise Storage 6:libjavascriptcoregtk-4_0-18-2.34.1-3.87.1

SUSE Enterprise Storage 6:libwebkit2gtk-4_0-37-2.34.1-3.87.1

SUSE Enterprise Storage 6:libwebkit2gtk3-lang-2.34.1-3.87.1

SUSE Enterprise Storage 6:typelib-1_0-JavaScriptCore-4_0-2.34.1-3.87.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-42762.html
CVE-2021-42762
https://bugzilla.suse.com/1191937
SUSE Bug 1191937

SUSE-SU-2021:3769-1

Описание

Список пакетов

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Server 15 SP1-BCL

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

SUSE Linux Enterprise Server for SAP Applications 15 SP1

Ссылки

Уязвимость: CVE-2021-30846

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-30851

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-42762

Описание

Затронутые продукты

Ссылки