Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
- CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution (bsc#1218033).
- CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service (bsc#1218032).
- CVE-2023-41074: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215870).
- CVE-2023-39928: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215868).
- CVE-2023-40451, CVE-2023-41074: Update to version 2.42.4 (bsc#1215868).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
Ссылки
- Link for SUSE-SU-2024:0002-1
- E-Mail link for SUSE-SU-2024:0002-1
- SUSE Security Ratings
- SUSE Bug 1215868
- SUSE Bug 1215869
- SUSE Bug 1215870
- SUSE Bug 1218032
- SUSE Bug 1218033
- SUSE CVE CVE-2023-32359 page
- SUSE CVE CVE-2023-39928 page
- SUSE CVE CVE-2023-40451 page
- SUSE CVE CVE-2023-41074 page
- SUSE CVE CVE-2023-42883 page
- SUSE CVE CVE-2023-42890 page
Описание
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.
Затронутые продукты
Ссылки
- CVE-2023-32359
- SUSE Bug 1217210
- SUSE Bug 1217568
Описание
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2023-39928
- SUSE Bug 1215868
- SUSE Bug 1217568
Описание
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.
Затронутые продукты
Ссылки
- CVE-2023-40451
- SUSE Bug 1215869
- SUSE Bug 1217568
Описание
The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2023-41074
- SUSE Bug 1215870
- SUSE Bug 1217568
Описание
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.
Затронутые продукты
Ссылки
- CVE-2023-42883
- SUSE Bug 1218032
Описание
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2023-42890
- SUSE Bug 1218033
- SUSE Bug 1218407