Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.3 (bsc#1232747):
- CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
- CVE-2024-40866: Visiting a malicious website may lead to address bar spoofing.
New references to version 2.46.0 (boo#1231039):
- CVE-2024-44187: A cross- origin issue existed with “iframe” elements. This was addressed with improved tracking of security origins.
- CVE-2024-44185: Processing maliciously crafted web content may lead to an unexpected process crash.
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP6
WebKitGTK-4.0-lang-2.46.3-150600.12.16.1
WebKitGTK-6.0-lang-2.46.3-150600.12.16.1
libjavascriptcoregtk-4_0-18-2.46.3-150600.12.16.1
libjavascriptcoregtk-6_0-1-2.46.3-150600.12.16.1
libwebkit2gtk-4_0-37-2.46.3-150600.12.16.1
libwebkitgtk-6_0-4-2.46.3-150600.12.16.1
typelib-1_0-JavaScriptCore-4_0-2.46.3-150600.12.16.1
typelib-1_0-WebKit2-4_0-2.46.3-150600.12.16.1
typelib-1_0-WebKit2WebExtension-4_0-2.46.3-150600.12.16.1
webkit2gtk-4_0-injected-bundles-2.46.3-150600.12.16.1
webkit2gtk3-soup2-devel-2.46.3-150600.12.16.1
webkitgtk-6_0-injected-bundles-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
WebKitGTK-4.1-lang-2.46.3-150600.12.16.1
libjavascriptcoregtk-4_1-0-2.46.3-150600.12.16.1
libwebkit2gtk-4_1-0-2.46.3-150600.12.16.1
typelib-1_0-JavaScriptCore-4_1-2.46.3-150600.12.16.1
typelib-1_0-WebKit2-4_1-2.46.3-150600.12.16.1
typelib-1_0-WebKit2WebExtension-4_1-2.46.3-150600.12.16.1
webkit2gtk-4_1-injected-bundles-2.46.3-150600.12.16.1
webkit2gtk3-devel-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
typelib-1_0-JavaScriptCore-6_0-2.46.3-150600.12.16.1
typelib-1_0-WebKit-6_0-2.46.3-150600.12.16.1
typelib-1_0-WebKitWebProcessExtension-6_0-2.46.3-150600.12.16.1
webkit2gtk4-devel-2.46.3-150600.12.16.1
openSUSE Leap 15.6
WebKitGTK-4.0-lang-2.46.3-150600.12.16.1
WebKitGTK-4.1-lang-2.46.3-150600.12.16.1
WebKitGTK-6.0-lang-2.46.3-150600.12.16.1
libjavascriptcoregtk-4_0-18-2.46.3-150600.12.16.1
libjavascriptcoregtk-4_0-18-32bit-2.46.3-150600.12.16.1
libjavascriptcoregtk-4_1-0-2.46.3-150600.12.16.1
libjavascriptcoregtk-4_1-0-32bit-2.46.3-150600.12.16.1
libjavascriptcoregtk-6_0-1-2.46.3-150600.12.16.1
libwebkit2gtk-4_0-37-2.46.3-150600.12.16.1
libwebkit2gtk-4_0-37-32bit-2.46.3-150600.12.16.1
libwebkit2gtk-4_1-0-2.46.3-150600.12.16.1
libwebkit2gtk-4_1-0-32bit-2.46.3-150600.12.16.1
libwebkitgtk-6_0-4-2.46.3-150600.12.16.1
typelib-1_0-JavaScriptCore-4_0-2.46.3-150600.12.16.1
typelib-1_0-JavaScriptCore-4_1-2.46.3-150600.12.16.1
typelib-1_0-JavaScriptCore-6_0-2.46.3-150600.12.16.1
typelib-1_0-WebKit-6_0-2.46.3-150600.12.16.1
typelib-1_0-WebKit2-4_0-2.46.3-150600.12.16.1
typelib-1_0-WebKit2-4_1-2.46.3-150600.12.16.1
typelib-1_0-WebKit2WebExtension-4_0-2.46.3-150600.12.16.1
typelib-1_0-WebKit2WebExtension-4_1-2.46.3-150600.12.16.1
typelib-1_0-WebKitWebProcessExtension-6_0-2.46.3-150600.12.16.1
webkit-jsc-4-2.46.3-150600.12.16.1
webkit-jsc-4.1-2.46.3-150600.12.16.1
webkit-jsc-6.0-2.46.3-150600.12.16.1
webkit2gtk-4_0-injected-bundles-2.46.3-150600.12.16.1
webkit2gtk-4_1-injected-bundles-2.46.3-150600.12.16.1
webkit2gtk3-devel-2.46.3-150600.12.16.1
webkit2gtk3-minibrowser-2.46.3-150600.12.16.1
webkit2gtk3-soup2-devel-2.46.3-150600.12.16.1
webkit2gtk3-soup2-minibrowser-2.46.3-150600.12.16.1
webkit2gtk4-devel-2.46.3-150600.12.16.1
webkit2gtk4-minibrowser-2.46.3-150600.12.16.1
webkitgtk-6_0-injected-bundles-2.46.3-150600.12.16.1
Ссылки
- Link for SUSE-SU-2024:4084-1
- E-Mail link for SUSE-SU-2024:4084-1
- SUSE Security Ratings
- SUSE Bug 1231039
- SUSE Bug 1232747
- SUSE CVE CVE-2024-40866 page
- SUSE CVE CVE-2024-44185 page
- SUSE CVE CVE-2024-44187 page
- SUSE CVE CVE-2024-44244 page
- SUSE CVE CVE-2024-44296 page
Описание
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.46.3-150600.12.16.1
Ссылки
- CVE-2024-40866
- SUSE Bug 1231039
Описание
The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.46.3-150600.12.16.1
Ссылки
- CVE-2024-44185
- SUSE Bug 1232747
Описание
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.46.3-150600.12.16.1
Ссылки
- CVE-2024-44187
- SUSE Bug 1231039
Описание
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.46.3-150600.12.16.1
Ссылки
- CVE-2024-44244
- SUSE Bug 1232747
Описание
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.46.3-150600.12.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.46.3-150600.12.16.1
Ссылки
- CVE-2024-44296
- SUSE Bug 1232747