SUSE-SU-2023:4294-1

Опубликовано: 31 окт. 2023

Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 ships missing Lang packages to SUSE Linux Enterprise 15 SP4 and SP5.

Security fixes:

CVE-2023-41993: Fixed an issue where processing malicious web content could have lead to arbitrary code execution (bsc#1215661).
CVE-2023-39928: Fixed a use-after-free that could be exploited to execute arbitrary code when visiting a malicious webpage (bsc#1215868).
CVE-2023-41074: Fixed an issue where processing malicious web content could have lead to arbitrary code execution (bsc#1215870).

Other fixes:

Fixed missing package dependencies (bsc#1215072).

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP4

WebKitGTK-4.0-lang-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2

libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2

typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2

typelib-1_0-WebKit2-4_0-2.42.1-150400.4.57.2

typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.57.2

webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.57.2

webkit2gtk3-soup2-devel-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP5

WebKitGTK-4.0-lang-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2

libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2

typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2

typelib-1_0-WebKit2-4_0-2.42.1-150400.4.57.2

typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.57.2

webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.57.2

webkit2gtk3-soup2-devel-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

WebKitGTK-4.1-lang-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_1-0-2.42.1-150400.4.57.2

libwebkit2gtk-4_1-0-2.42.1-150400.4.57.2

typelib-1_0-JavaScriptCore-4_1-2.42.1-150400.4.57.2

typelib-1_0-WebKit2-4_1-2.42.1-150400.4.57.2

typelib-1_0-WebKit2WebExtension-4_1-2.42.1-150400.4.57.2

webkit2gtk-4_1-injected-bundles-2.42.1-150400.4.57.2

webkit2gtk3-devel-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Desktop Applications 15 SP5

WebKitGTK-4.1-lang-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_1-0-2.42.1-150400.4.57.2

libwebkit2gtk-4_1-0-2.42.1-150400.4.57.2

typelib-1_0-JavaScriptCore-4_1-2.42.1-150400.4.57.2

typelib-1_0-WebKit2-4_1-2.42.1-150400.4.57.2

typelib-1_0-WebKit2WebExtension-4_1-2.42.1-150400.4.57.2

webkit2gtk-4_1-injected-bundles-2.42.1-150400.4.57.2

webkit2gtk3-devel-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Development Tools 15 SP4

WebKitGTK-6.0-lang-2.42.1-150400.4.57.3

libjavascriptcoregtk-6_0-1-2.42.1-150400.4.57.3

libwebkitgtk-6_0-4-2.42.1-150400.4.57.3

webkitgtk-6_0-injected-bundles-2.42.1-150400.4.57.3

SUSE Linux Enterprise Module for Development Tools 15 SP5

WebKitGTK-6.0-lang-2.42.1-150400.4.57.3

libjavascriptcoregtk-6_0-1-2.42.1-150400.4.57.3

libwebkitgtk-6_0-4-2.42.1-150400.4.57.3

webkitgtk-6_0-injected-bundles-2.42.1-150400.4.57.3

openSUSE Leap 15.4

WebKitGTK-4.0-lang-2.42.1-150400.4.57.2

WebKitGTK-4.1-lang-2.42.1-150400.4.57.2

WebKitGTK-6.0-lang-2.42.1-150400.4.57.3

libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_0-18-32bit-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_0-18-64bit-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_1-0-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_1-0-32bit-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_1-0-64bit-2.42.1-150400.4.57.2

libjavascriptcoregtk-6_0-1-2.42.1-150400.4.57.3

libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2

libwebkit2gtk-4_0-37-32bit-2.42.1-150400.4.57.2

libwebkit2gtk-4_0-37-64bit-2.42.1-150400.4.57.2

libwebkit2gtk-4_1-0-2.42.1-150400.4.57.2

libwebkit2gtk-4_1-0-32bit-2.42.1-150400.4.57.2

libwebkit2gtk-4_1-0-64bit-2.42.1-150400.4.57.2

libwebkitgtk-6_0-4-2.42.1-150400.4.57.3

typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2

typelib-1_0-JavaScriptCore-4_1-2.42.1-150400.4.57.2

typelib-1_0-JavaScriptCore-6_0-2.42.1-150400.4.57.3

typelib-1_0-WebKit-6_0-2.42.1-150400.4.57.3

typelib-1_0-WebKit2-4_0-2.42.1-150400.4.57.2

typelib-1_0-WebKit2-4_1-2.42.1-150400.4.57.2

typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.57.2

typelib-1_0-WebKit2WebExtension-4_1-2.42.1-150400.4.57.2

typelib-1_0-WebKitWebProcessExtension-6_0-2.42.1-150400.4.57.3

webkit-jsc-4-2.42.1-150400.4.57.2

webkit-jsc-4.1-2.42.1-150400.4.57.2

webkit-jsc-6.0-2.42.1-150400.4.57.3

webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.57.2

webkit2gtk-4_1-injected-bundles-2.42.1-150400.4.57.2

webkit2gtk3-devel-2.42.1-150400.4.57.2

webkit2gtk3-minibrowser-2.42.1-150400.4.57.2

webkit2gtk3-soup2-devel-2.42.1-150400.4.57.2

webkit2gtk3-soup2-minibrowser-2.42.1-150400.4.57.2

webkit2gtk4-devel-2.42.1-150400.4.57.3

webkit2gtk4-minibrowser-2.42.1-150400.4.57.3

webkitgtk-6_0-injected-bundles-2.42.1-150400.4.57.3

openSUSE Leap 15.5

WebKitGTK-4.0-lang-2.42.1-150400.4.57.2

WebKitGTK-4.1-lang-2.42.1-150400.4.57.2

WebKitGTK-6.0-lang-2.42.1-150400.4.57.3

libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_0-18-32bit-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_0-18-64bit-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_1-0-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_1-0-32bit-2.42.1-150400.4.57.2

libjavascriptcoregtk-4_1-0-64bit-2.42.1-150400.4.57.2

libjavascriptcoregtk-6_0-1-2.42.1-150400.4.57.3

libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2

libwebkit2gtk-4_0-37-32bit-2.42.1-150400.4.57.2

libwebkit2gtk-4_0-37-64bit-2.42.1-150400.4.57.2

libwebkit2gtk-4_1-0-2.42.1-150400.4.57.2

libwebkit2gtk-4_1-0-32bit-2.42.1-150400.4.57.2

libwebkit2gtk-4_1-0-64bit-2.42.1-150400.4.57.2

libwebkitgtk-6_0-4-2.42.1-150400.4.57.3

typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2

typelib-1_0-JavaScriptCore-4_1-2.42.1-150400.4.57.2

typelib-1_0-JavaScriptCore-6_0-2.42.1-150400.4.57.3

typelib-1_0-WebKit-6_0-2.42.1-150400.4.57.3

typelib-1_0-WebKit2-4_0-2.42.1-150400.4.57.2

typelib-1_0-WebKit2-4_1-2.42.1-150400.4.57.2

typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.57.2

typelib-1_0-WebKit2WebExtension-4_1-2.42.1-150400.4.57.2

typelib-1_0-WebKitWebProcessExtension-6_0-2.42.1-150400.4.57.3

webkit-jsc-4-2.42.1-150400.4.57.2

webkit-jsc-4.1-2.42.1-150400.4.57.2

webkit-jsc-6.0-2.42.1-150400.4.57.3

webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.57.2

webkit2gtk-4_1-injected-bundles-2.42.1-150400.4.57.2

webkit2gtk3-devel-2.42.1-150400.4.57.2

webkit2gtk3-minibrowser-2.42.1-150400.4.57.2

webkit2gtk3-soup2-devel-2.42.1-150400.4.57.2

webkit2gtk3-soup2-minibrowser-2.42.1-150400.4.57.2

webkit2gtk4-devel-2.42.1-150400.4.57.3

webkit2gtk4-minibrowser-2.42.1-150400.4.57.3

webkitgtk-6_0-injected-bundles-2.42.1-150400.4.57.3

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20234294-1/
Link for SUSE-SU-2023:4294-1
https://lists.suse.com/pipermail/sle-security-updates/2023-October/016946.html
E-Mail link for SUSE-SU-2023:4294-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1214093
SUSE Bug 1214093
https://bugzilla.suse.com/1214640
SUSE Bug 1214640
https://bugzilla.suse.com/1214835
SUSE Bug 1214835
https://bugzilla.suse.com/1215072
SUSE Bug 1215072
https://bugzilla.suse.com/1215661
SUSE Bug 1215661
https://bugzilla.suse.com/1215866
SUSE Bug 1215866
https://bugzilla.suse.com/1215867
SUSE Bug 1215867
https://bugzilla.suse.com/1215868
SUSE Bug 1215868
https://bugzilla.suse.com/1215869
SUSE Bug 1215869
https://bugzilla.suse.com/1215870
SUSE Bug 1215870
https://bugzilla.suse.com/1216483
SUSE Bug 1216483
https://www.suse.com/security/cve/CVE-2023-35074/
SUSE CVE CVE-2023-35074 page
https://www.suse.com/security/cve/CVE-2023-39434/
SUSE CVE CVE-2023-39434 page
https://www.suse.com/security/cve/CVE-2023-39928/
SUSE CVE CVE-2023-39928 page
https://www.suse.com/security/cve/CVE-2023-40451/
SUSE CVE CVE-2023-40451 page
https://www.suse.com/security/cve/CVE-2023-41074/
SUSE CVE CVE-2023-41074 page
https://www.suse.com/security/cve/CVE-2023-41993/
SUSE CVE CVE-2023-41993 page

Описание

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:WebKitGTK-4.0-lang-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-35074.html
CVE-2023-35074
https://bugzilla.suse.com/1215866
SUSE Bug 1215866
https://bugzilla.suse.com/1217568
SUSE Bug 1217568

Описание

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:WebKitGTK-4.0-lang-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-39434.html
CVE-2023-39434
https://bugzilla.suse.com/1215867
SUSE Bug 1215867
https://bugzilla.suse.com/1217568
SUSE Bug 1217568

Описание

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:WebKitGTK-4.0-lang-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-39928.html
CVE-2023-39928
https://bugzilla.suse.com/1215868
SUSE Bug 1215868
https://bugzilla.suse.com/1217568
SUSE Bug 1217568

Описание

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:WebKitGTK-4.0-lang-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-40451.html
CVE-2023-40451
https://bugzilla.suse.com/1215869
SUSE Bug 1215869
https://bugzilla.suse.com/1217568
SUSE Bug 1217568

Описание

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:WebKitGTK-4.0-lang-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-41074.html
CVE-2023-41074
https://bugzilla.suse.com/1215870
SUSE Bug 1215870
https://bugzilla.suse.com/1217568
SUSE Bug 1217568

Описание

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP4:WebKitGTK-4.0-lang-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2

SUSE Linux Enterprise Module for Basesystem 15 SP4:typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-41993.html
CVE-2023-41993
https://bugzilla.suse.com/1215661
SUSE Bug 1215661
https://bugzilla.suse.com/1217568
SUSE Bug 1217568

SUSE-SU-2023:4294-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP4

SUSE Linux Enterprise Module for Basesystem 15 SP5

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

SUSE Linux Enterprise Module for Desktop Applications 15 SP5

SUSE Linux Enterprise Module for Development Tools 15 SP4

SUSE Linux Enterprise Module for Development Tools 15 SP5

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-35074

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-39434

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-39928

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-40451

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-41074

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-41993

Описание

Затронутые продукты

Ссылки