SUSE-SU-2023:0489-1

Опубликовано: 23 фев. 2023

Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Update to version 2.38.5 (boo#1208328):

CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content.

Update to version 2.38.4 (boo#1207997):

CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution.
CVE-2023-23518: Fixed web content processing that could have led to arbitrary code execution.
CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management.

New CVE and bug references where added for already released updates:

Update to version 2.38.3 (boo#1206750):

CVE-2022-42852: Fixed disclosure of process memory by improved memory handling.
CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management.
CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management.
CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks.
CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption.
CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Update to version 2.38.1:

CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Update to version 2.38.0:

CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP4

libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150400.4.34.2

webkit2gtk-4_0-injected-bundles-2.38.5-150400.4.34.2

webkit2gtk3-soup2-devel-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

libjavascriptcoregtk-4_1-0-2.38.5-150400.4.34.2

libwebkit2gtk-4_1-0-2.38.5-150400.4.34.2

typelib-1_0-JavaScriptCore-4_1-2.38.5-150400.4.34.2

typelib-1_0-WebKit2-4_1-2.38.5-150400.4.34.2

typelib-1_0-WebKit2WebExtension-4_1-2.38.5-150400.4.34.2

webkit2gtk-4_1-injected-bundles-2.38.5-150400.4.34.2

webkit2gtk3-devel-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Development Tools 15 SP4

libjavascriptcoregtk-5_0-0-2.38.5-150400.4.34.2

libwebkit2gtk-5_0-0-2.38.5-150400.4.34.2

typelib-1_0-JavaScriptCore-5_0-2.38.5-150400.4.34.2

typelib-1_0-WebKit2-5_0-2.38.5-150400.4.34.2

webkit2gtk-5_0-injected-bundles-2.38.5-150400.4.34.2

openSUSE Leap 15.4

WebKit2GTK-4.0-lang-2.38.5-150400.4.34.2

WebKit2GTK-4.1-lang-2.38.5-150400.4.34.2

WebKit2GTK-5.0-lang-2.38.5-150400.4.34.2

libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

libjavascriptcoregtk-4_0-18-32bit-2.38.5-150400.4.34.2

libjavascriptcoregtk-4_1-0-2.38.5-150400.4.34.2

libjavascriptcoregtk-4_1-0-32bit-2.38.5-150400.4.34.2

libjavascriptcoregtk-5_0-0-2.38.5-150400.4.34.2

libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

libwebkit2gtk-4_0-37-32bit-2.38.5-150400.4.34.2

libwebkit2gtk-4_1-0-2.38.5-150400.4.34.2

libwebkit2gtk-4_1-0-32bit-2.38.5-150400.4.34.2

libwebkit2gtk-5_0-0-2.38.5-150400.4.34.2

typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

typelib-1_0-JavaScriptCore-4_1-2.38.5-150400.4.34.2

typelib-1_0-JavaScriptCore-5_0-2.38.5-150400.4.34.2

typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

typelib-1_0-WebKit2-4_1-2.38.5-150400.4.34.2

typelib-1_0-WebKit2-5_0-2.38.5-150400.4.34.2

typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150400.4.34.2

typelib-1_0-WebKit2WebExtension-4_1-2.38.5-150400.4.34.2

typelib-1_0-WebKit2WebExtension-5_0-2.38.5-150400.4.34.2

webkit-jsc-4-2.38.5-150400.4.34.2

webkit-jsc-4.1-2.38.5-150400.4.34.2

webkit-jsc-5.0-2.38.5-150400.4.34.2

webkit2gtk-4_0-injected-bundles-2.38.5-150400.4.34.2

webkit2gtk-4_1-injected-bundles-2.38.5-150400.4.34.2

webkit2gtk-5_0-injected-bundles-2.38.5-150400.4.34.2

webkit2gtk3-devel-2.38.5-150400.4.34.2

webkit2gtk3-minibrowser-2.38.5-150400.4.34.2

webkit2gtk3-soup2-devel-2.38.5-150400.4.34.2

webkit2gtk3-soup2-minibrowser-2.38.5-150400.4.34.2

webkit2gtk4-devel-2.38.5-150400.4.34.2

webkit2gtk4-minibrowser-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230489-1/
Link for SUSE-SU-2023:0489-1
https://lists.suse.com/pipermail/sle-security-updates/2023-February/013876.html
E-Mail link for SUSE-SU-2023:0489-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1206750
SUSE Bug 1206750
https://bugzilla.suse.com/1207997
SUSE Bug 1207997
https://bugzilla.suse.com/1208328
SUSE Bug 1208328
https://www.suse.com/security/cve/CVE-2022-42826/
SUSE CVE CVE-2022-42826 page
https://www.suse.com/security/cve/CVE-2022-42852/
SUSE CVE CVE-2022-42852 page
https://www.suse.com/security/cve/CVE-2022-42863/
SUSE CVE CVE-2022-42863 page
https://www.suse.com/security/cve/CVE-2022-42867/
SUSE CVE CVE-2022-42867 page
https://www.suse.com/security/cve/CVE-2022-46691/
SUSE CVE CVE-2022-46691 page
https://www.suse.com/security/cve/CVE-2022-46692/
SUSE CVE CVE-2022-46692 page
https://www.suse.com/security/cve/CVE-2022-46698/
SUSE CVE CVE-2022-46698 page
https://www.suse.com/security/cve/CVE-2022-46699/
SUSE CVE CVE-2022-46699 page
https://www.suse.com/security/cve/CVE-2022-46700/
SUSE CVE CVE-2022-46700 page
https://www.suse.com/security/cve/CVE-2023-23517/
SUSE CVE CVE-2023-23517 page
https://www.suse.com/security/cve/CVE-2023-23518/
SUSE CVE CVE-2023-23518 page
https://www.suse.com/security/cve/CVE-2023-23529/
SUSE CVE CVE-2023-23529 page

Описание

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2022-42826.html
CVE-2022-42826
https://bugzilla.suse.com/1207997
SUSE Bug 1207997
https://bugzilla.suse.com/1209330
SUSE Bug 1209330

Описание

The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2022-42852.html
CVE-2022-42852

Описание

A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2022-42863.html
CVE-2022-42863

Описание

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2022-42867.html
CVE-2022-42867

Описание

A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2022-46691.html
CVE-2022-46691

Описание

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2022-46692.html
CVE-2022-46692

Описание

A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2022-46698.html
CVE-2022-46698

Описание

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2022-46699.html
CVE-2022-46699

Описание

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2022-46700.html
CVE-2022-46700

Описание

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-23517.html
CVE-2023-23517
https://bugzilla.suse.com/1207997
SUSE Bug 1207997

Описание

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-23518.html
CVE-2023-23518
https://bugzilla.suse.com/1207997
SUSE Bug 1207997

Описание

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-23529.html
CVE-2023-23529
https://bugzilla.suse.com/1208328
SUSE Bug 1208328

SUSE-SU-2023:0489-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP4

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

SUSE Linux Enterprise Module for Development Tools 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-42826

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-42852

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-42863

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-42867

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-46691

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-46692

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-46698

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-46699

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-46700

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-23517

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-23518

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-23529

Описание

Затронутые продукты

Ссылки