Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:4978-1

Опубликовано: 27 дек. 2023
Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

  • CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution (bsc#1218033).
  • CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service (bsc#1218032).
  • CVE-2023-41074: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215870).
  • CVE-2023-39928: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215868).
  • CVE-2023-40451: Update to version 2.42.4 (bsc#1215869).

Список пакетов

SUSE Linux Enterprise Server 12 SP5
libjavascriptcoregtk-4_0-18-2.42.4-2.164.1
libwebkit2gtk-4_0-37-2.42.4-2.164.1
libwebkit2gtk3-lang-2.42.4-2.164.1
typelib-1_0-JavaScriptCore-4_0-2.42.4-2.164.1
typelib-1_0-WebKit2-4_0-2.42.4-2.164.1
typelib-1_0-WebKit2WebExtension-4_0-2.42.4-2.164.1
webkit2gtk-4_0-injected-bundles-2.42.4-2.164.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libjavascriptcoregtk-4_0-18-2.42.4-2.164.1
libwebkit2gtk-4_0-37-2.42.4-2.164.1
libwebkit2gtk3-lang-2.42.4-2.164.1
typelib-1_0-JavaScriptCore-4_0-2.42.4-2.164.1
typelib-1_0-WebKit2-4_0-2.42.4-2.164.1
typelib-1_0-WebKit2WebExtension-4_0-2.42.4-2.164.1
webkit2gtk-4_0-injected-bundles-2.42.4-2.164.1
SUSE Linux Enterprise Software Development Kit 12 SP5
typelib-1_0-WebKit2WebExtension-4_0-2.42.4-2.164.1
webkit2gtk3-devel-2.42.4-2.164.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libjavascriptcoregtk-4_0-18-32bit-2.42.4-2.164.1

Ссылки

Описание

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.42.4-2.164.1
Ссылки

Описание

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.42.4-2.164.1
Ссылки

Описание

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.42.4-2.164.1
Ссылки

Описание

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.42.4-2.164.1
Ссылки

Описание

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.42.4-2.164.1
Ссылки
Уязвимость SUSE-SU-2023:4978-1