SUSE-SU-2022:2820-1

Опубликовано: 16 авг. 2022

Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Update to version 2.36.5 (bsc#1201980):
- Add support for PAC proxy in the WebDriver implementation.
- Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser.
- Fix WebKitWebView::context-menu when using GTK4.
- Fix LTO builds with GCC.
- Fix several crashes and rendering issues.
Security fixes:
- CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing.

Список пакетов

SUSE Enterprise Storage 7

libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

libwebkit2gtk-4_0-37-2.36.5-150200.41.1

libwebkit2gtk3-lang-2.36.5-150200.41.1

typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1

webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1

webkit2gtk3-devel-2.36.5-150200.41.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

libwebkit2gtk-4_0-37-2.36.5-150200.41.1

libwebkit2gtk3-lang-2.36.5-150200.41.1

typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1

webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1

webkit2gtk3-devel-2.36.5-150200.41.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

libwebkit2gtk-4_0-37-2.36.5-150200.41.1

libwebkit2gtk3-lang-2.36.5-150200.41.1

typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1

webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1

webkit2gtk3-devel-2.36.5-150200.41.1

SUSE Linux Enterprise Module for Basesystem 15 SP3

libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

libwebkit2gtk-4_0-37-2.36.5-150200.41.1

libwebkit2gtk3-lang-2.36.5-150200.41.1

webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1

webkit2gtk3-devel-2.36.5-150200.41.1

SUSE Linux Enterprise Server 15 SP2-BCL

libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

libwebkit2gtk-4_0-37-2.36.5-150200.41.1

libwebkit2gtk3-lang-2.36.5-150200.41.1

typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1

webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1

webkit2gtk3-devel-2.36.5-150200.41.1

SUSE Linux Enterprise Server 15 SP2-LTSS

libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

libwebkit2gtk-4_0-37-2.36.5-150200.41.1

libwebkit2gtk3-lang-2.36.5-150200.41.1

typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1

webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1

webkit2gtk3-devel-2.36.5-150200.41.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

libwebkit2gtk-4_0-37-2.36.5-150200.41.1

libwebkit2gtk3-lang-2.36.5-150200.41.1

typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1

webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1

webkit2gtk3-devel-2.36.5-150200.41.1

SUSE Manager Proxy 4.1

libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

libwebkit2gtk-4_0-37-2.36.5-150200.41.1

libwebkit2gtk3-lang-2.36.5-150200.41.1

typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1

webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1

webkit2gtk3-devel-2.36.5-150200.41.1

SUSE Manager Retail Branch Server 4.1

libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

libwebkit2gtk-4_0-37-2.36.5-150200.41.1

libwebkit2gtk3-lang-2.36.5-150200.41.1

typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1

webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1

webkit2gtk3-devel-2.36.5-150200.41.1

SUSE Manager Server 4.1

libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

libwebkit2gtk-4_0-37-2.36.5-150200.41.1

libwebkit2gtk3-lang-2.36.5-150200.41.1

typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1

webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1

webkit2gtk3-devel-2.36.5-150200.41.1

openSUSE Leap 15.3

libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

libjavascriptcoregtk-4_0-18-32bit-2.36.5-150200.41.1

libwebkit2gtk-4_0-37-2.36.5-150200.41.1

libwebkit2gtk-4_0-37-32bit-2.36.5-150200.41.1

libwebkit2gtk3-lang-2.36.5-150200.41.1

typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1

webkit-jsc-4-2.36.5-150200.41.1

webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1

webkit2gtk3-devel-2.36.5-150200.41.1

webkit2gtk3-minibrowser-2.36.5-150200.41.1

openSUSE Leap 15.4

libwebkit2gtk3-lang-2.36.5-150200.41.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20222820-1/
Link for SUSE-SU-2022:2820-1
https://lists.suse.com/pipermail/sle-security-updates/2022-August/011922.html
E-Mail link for SUSE-SU-2022:2820-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1201980
SUSE Bug 1201980
https://www.suse.com/security/cve/CVE-2022-32792/
SUSE CVE CVE-2022-32792 page
https://www.suse.com/security/cve/CVE-2022-32816/
SUSE CVE CVE-2022-32816 page

Описание

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

SUSE Enterprise Storage 7:libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

SUSE Enterprise Storage 7:libwebkit2gtk-4_0-37-2.36.5-150200.41.1

SUSE Enterprise Storage 7:libwebkit2gtk3-lang-2.36.5-150200.41.1

SUSE Enterprise Storage 7:typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32792.html
CVE-2022-32792
https://bugzilla.suse.com/1201980
SUSE Bug 1201980
https://bugzilla.suse.com/1202313
SUSE Bug 1202313

Описание

The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.

Затронутые продукты

SUSE Enterprise Storage 7:libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1

SUSE Enterprise Storage 7:libwebkit2gtk-4_0-37-2.36.5-150200.41.1

SUSE Enterprise Storage 7:libwebkit2gtk3-lang-2.36.5-150200.41.1

SUSE Enterprise Storage 7:typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32816.html
CVE-2022-32816
https://bugzilla.suse.com/1201980
SUSE Bug 1201980

SUSE-SU-2022:2820-1

Описание

Список пакетов

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise Module for Basesystem 15 SP3

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

SUSE Linux Enterprise Server 15 SP2-BCL

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Manager Proxy 4.1

SUSE Manager Retail Branch Server 4.1

SUSE Manager Server 4.1

openSUSE Leap 15.3

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-32792

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-32816

Описание

Затронутые продукты

Ссылки