Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.0 (bsc#1231039).
- CVE-2024-40866
- CVE-2024-44187
Already fixed in version 2.44.3:
- CVE-2024-4558
- CVE-2024-27838
- CVE-2024-27851
Already fixed in version 2.44.2:
- CVE-2024-27834
- CVE-2024-27808
- CVE-2024-27820
- CVE-2024-27833
Already fixed in version 2.44.1:
- CVE-2024-23222
- CVE-2024-23206
- CVE-2024-23213
- CVE-2024-23271
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
Ссылки
- Link for SUSE-SU-2024:3870-1
- E-Mail link for SUSE-SU-2024:3870-1
- SUSE Security Ratings
- SUSE Bug 1231039
- SUSE CVE CVE-2024-23206 page
- SUSE CVE CVE-2024-23213 page
- SUSE CVE CVE-2024-23222 page
- SUSE CVE CVE-2024-23271 page
- SUSE CVE CVE-2024-27808 page
- SUSE CVE CVE-2024-27820 page
- SUSE CVE CVE-2024-27833 page
- SUSE CVE CVE-2024-27834 page
- SUSE CVE CVE-2024-27838 page
- SUSE CVE CVE-2024-27851 page
- SUSE CVE CVE-2024-40866 page
- SUSE CVE CVE-2024-44187 page
- SUSE CVE CVE-2024-4558 page
Описание
An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.
Затронутые продукты
Ссылки
- CVE-2024-23206
- SUSE Bug 1219604
Описание
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2024-23213
- SUSE Bug 1219604
Описание
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
Затронутые продукты
Ссылки
- CVE-2024-23222
- SUSE Bug 1219113
- SUSE Bug 1219604
Описание
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.
Затронутые продукты
Ссылки
- CVE-2024-23271
- SUSE Bug 1231039
Описание
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2024-27808
- SUSE Bug 1231039
Описание
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2024-27820
- SUSE Bug 1231039
Описание
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2024-27833
- SUSE Bug 1231039
Описание
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Затронутые продукты
Ссылки
- CVE-2024-27834
- SUSE Bug 1225071
Описание
The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
Затронутые продукты
Ссылки
- CVE-2024-27838
- SUSE Bug 1231039
Описание
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2024-27851
- SUSE Bug 1231039
Описание
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
Затронутые продукты
Ссылки
- CVE-2024-40866
- SUSE Bug 1231039
Описание
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
Затронутые продукты
Ссылки
- CVE-2024-44187
- SUSE Bug 1231039
Описание
Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-4558
- SUSE Bug 1224045