SUSE-SU-2022:3136-1

Опубликовано: 07 сент. 2022

Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Updated to version 2.36.7 (bsc#1202807):
- CVE-2022-32893: Fixed an issue that would be triggered when processing malicious web content and that could lead to arbitrary code execution.
- Fixed several crashes and rendering issues.
Updated to version 2.36.6:
- Fixed handling of touchpad scrolling on GTK4 builds
- Fixed WebKitGTK not allowing to be used from non-main threads (bsc#1202169).
- Fixed several crashes and rendering issues

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

libjavascriptcoregtk-4_0-18-2.36.7-2.110.1

libwebkit2gtk-4_0-37-2.36.7-2.110.1

libwebkit2gtk3-lang-2.36.7-2.110.1

typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1

webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1

webkit2gtk3-devel-2.36.7-2.110.1

SUSE Linux Enterprise Server 12 SP3-BCL

libjavascriptcoregtk-4_0-18-2.36.7-2.110.1

libwebkit2gtk-4_0-37-2.36.7-2.110.1

typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2-4_0-2.36.7-2.110.1

webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1

SUSE Linux Enterprise Server 12 SP4-LTSS

libjavascriptcoregtk-4_0-18-2.36.7-2.110.1

libwebkit2gtk-4_0-37-2.36.7-2.110.1

libwebkit2gtk3-lang-2.36.7-2.110.1

typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1

webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1

SUSE Linux Enterprise Server 12 SP5

libjavascriptcoregtk-4_0-18-2.36.7-2.110.1

libwebkit2gtk-4_0-37-2.36.7-2.110.1

libwebkit2gtk3-lang-2.36.7-2.110.1

typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1

webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libjavascriptcoregtk-4_0-18-2.36.7-2.110.1

libwebkit2gtk-4_0-37-2.36.7-2.110.1

libwebkit2gtk3-lang-2.36.7-2.110.1

typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1

webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libjavascriptcoregtk-4_0-18-2.36.7-2.110.1

libwebkit2gtk-4_0-37-2.36.7-2.110.1

libwebkit2gtk3-lang-2.36.7-2.110.1

typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1

webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1

SUSE Linux Enterprise Software Development Kit 12 SP5

typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1

webkit2gtk3-devel-2.36.7-2.110.1

SUSE OpenStack Cloud 9

libjavascriptcoregtk-4_0-18-2.36.7-2.110.1

libwebkit2gtk-4_0-37-2.36.7-2.110.1

libwebkit2gtk3-lang-2.36.7-2.110.1

typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1

webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1

SUSE OpenStack Cloud Crowbar 9

libjavascriptcoregtk-4_0-18-2.36.7-2.110.1

libwebkit2gtk-4_0-37-2.36.7-2.110.1

libwebkit2gtk3-lang-2.36.7-2.110.1

typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2-4_0-2.36.7-2.110.1

typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1

webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223136-1/
Link for SUSE-SU-2022:3136-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012140.html
E-Mail link for SUSE-SU-2022:3136-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1202169
SUSE Bug 1202169
https://bugzilla.suse.com/1202807
SUSE Bug 1202807
https://www.suse.com/security/cve/CVE-2022-32893/
SUSE CVE CVE-2022-32893 page

Описание

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:libjavascriptcoregtk-4_0-18-2.36.7-2.110.1

SUSE Linux Enterprise Server 12 SP2-BCL:libwebkit2gtk-4_0-37-2.36.7-2.110.1

SUSE Linux Enterprise Server 12 SP2-BCL:libwebkit2gtk3-lang-2.36.7-2.110.1

SUSE Linux Enterprise Server 12 SP2-BCL:typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32893.html
CVE-2022-32893
https://bugzilla.suse.com/1202807
SUSE Bug 1202807
https://bugzilla.suse.com/1203001
SUSE Bug 1203001

SUSE-SU-2022:3136-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP4-LTSS

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 9

Ссылки

Уязвимость: CVE-2022-32893

Описание

Затронутые продукты

Ссылки