Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
- CVE-2023-41993: Fixed an issue where processing malicious web content could have lead to arbitrary code execution (bsc#1215661).
- CVE-2023-39928: Fixed a use-after-free that could be exploited to execute arbitrary code when visiting a malicious webpage (bsc#1215868).
- CVE-2023-41074: Fixed an issue where processing malicious web content could have lead to arbitrary code execution (bsc#1215870).
Non-security fixes:
- Fixed missing package dependencies (bsc#1215072).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP5
Ссылки
- Link for SUSE-SU-2023:4209-1
- E-Mail link for SUSE-SU-2023:4209-1
- SUSE Security Ratings
- SUSE Bug 1213379
- SUSE Bug 1213581
- SUSE Bug 1213905
- SUSE Bug 1215072
- SUSE Bug 1215661
- SUSE Bug 1215866
- SUSE Bug 1215867
- SUSE Bug 1215868
- SUSE Bug 1215869
- SUSE Bug 1215870
- SUSE Bug 1216483
- SUSE CVE CVE-2023-32393 page
- SUSE CVE CVE-2023-35074 page
- SUSE CVE CVE-2023-37450 page
- SUSE CVE CVE-2023-39434 page
- SUSE CVE CVE-2023-39928 page
- SUSE CVE CVE-2023-40451 page
Описание
The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2023-32393
- SUSE Bug 1213581
Описание
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2023-35074
- SUSE Bug 1215866
- SUSE Bug 1217568
Описание
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Затронутые продукты
Ссылки
- CVE-2023-37450
- SUSE Bug 1213379
Описание
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2023-39434
- SUSE Bug 1215867
- SUSE Bug 1217568
Описание
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2023-39928
- SUSE Bug 1215868
- SUSE Bug 1217568
Описание
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.
Затронутые продукты
Ссылки
- CVE-2023-40451
- SUSE Bug 1215869
- SUSE Bug 1217568
Описание
The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2023-41074
- SUSE Bug 1215870
- SUSE Bug 1217568
Описание
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Затронутые продукты
Ссылки
- CVE-2023-41993
- SUSE Bug 1215661
- SUSE Bug 1217568