Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Update to version 2.44.3 (bsc#1228696 bsc#1228697 bsc#1228698):
- Fix web process cache suspend/resume when sandbox is enabled.
- Fix accelerated images dissapearing after scrolling.
- Fix video flickering with DMA-BUF sink.
- Fix pointer lock on X11.
- Fix movement delta on mouse events in GTK3.
- Undeprecate console message API and make it available in 2022 API.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794, CVE-2024-4558.
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP6
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
SUSE Linux Enterprise Module for Development Tools 15 SP6
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2024:3109-1
- E-Mail link for SUSE-SU-2024:3109-1
- SUSE Security Ratings
- SUSE Bug 1228696
- SUSE Bug 1228697
- SUSE Bug 1228698
- SUSE CVE CVE-2024-40776 page
- SUSE CVE CVE-2024-40779 page
- SUSE CVE CVE-2024-40780 page
- SUSE CVE CVE-2024-40782 page
- SUSE CVE CVE-2024-40785 page
- SUSE CVE CVE-2024-40789 page
- SUSE CVE CVE-2024-40794 page
- SUSE CVE CVE-2024-4558 page
Описание
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-40776
- SUSE Bug 1228613
Описание
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-40779
- SUSE Bug 1228693
Описание
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-40780
- SUSE Bug 1228694
Описание
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-40782
- SUSE Bug 1228695
Описание
This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.
Затронутые продукты
Ссылки
- CVE-2024-40785
- SUSE Bug 1228696
Описание
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-40789
- SUSE Bug 1228697
Описание
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication.
Затронутые продукты
Ссылки
- CVE-2024-40794
- SUSE Bug 1228698
Описание
Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-4558
- SUSE Bug 1224045