Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Update to version 2.44.3 (bsc#1228696 bsc#1228697 bsc#1228698):
- Fix web process cache suspend/resume when sandbox is enabled.
- Fix accelerated images dissapearing after scrolling.
- Fix video flickering with DMA-BUF sink.
- Fix pointer lock on X11.
- Fix movement delta on mouse events in GTK3.
- Undeprecate console message API and make it available in 2022 API.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794, CVE-2024-4558.
Список пакетов
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
Ссылки
- Link for SUSE-SU-2024:3052-1
- E-Mail link for SUSE-SU-2024:3052-1
- SUSE Security Ratings
- SUSE Bug 1228696
- SUSE Bug 1228697
- SUSE Bug 1228698
- SUSE CVE CVE-2024-40776 page
- SUSE CVE CVE-2024-40779 page
- SUSE CVE CVE-2024-40780 page
- SUSE CVE CVE-2024-40782 page
- SUSE CVE CVE-2024-40785 page
- SUSE CVE CVE-2024-40789 page
- SUSE CVE CVE-2024-40794 page
- SUSE CVE CVE-2024-4558 page
Описание
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-40776
- SUSE Bug 1228613
Описание
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-40779
- SUSE Bug 1228693
Описание
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-40780
- SUSE Bug 1228694
Описание
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-40782
- SUSE Bug 1228695
Описание
This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.
Затронутые продукты
Ссылки
- CVE-2024-40785
- SUSE Bug 1228696
Описание
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-40789
- SUSE Bug 1228697
Описание
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication.
Затронутые продукты
Ссылки
- CVE-2024-40794
- SUSE Bug 1228698
Описание
Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-4558
- SUSE Bug 1224045