SUSE-SU-2024:4292-1

Опубликовано: 11 дек. 2024

Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

CVE-2024-44308: Fixed processing maliciously crafted web content that may lead to arbitrary code execution (bsc#1233631)
CVE-2024-44309: Fixed data isolation bypass vulnerability (bsc#1233632)

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP6

WebKitGTK-4.0-lang-2.46.3-150600.12.21.1

WebKitGTK-6.0-lang-2.46.3-150600.12.21.1

libjavascriptcoregtk-4_0-18-2.46.3-150600.12.21.1

libjavascriptcoregtk-6_0-1-2.46.3-150600.12.21.1

libwebkit2gtk-4_0-37-2.46.3-150600.12.21.1

libwebkitgtk-6_0-4-2.46.3-150600.12.21.1

typelib-1_0-JavaScriptCore-4_0-2.46.3-150600.12.21.1

typelib-1_0-WebKit2-4_0-2.46.3-150600.12.21.1

typelib-1_0-WebKit2WebExtension-4_0-2.46.3-150600.12.21.1

webkit2gtk-4_0-injected-bundles-2.46.3-150600.12.21.1

webkit2gtk3-soup2-devel-2.46.3-150600.12.21.1

webkitgtk-6_0-injected-bundles-2.46.3-150600.12.21.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6

WebKitGTK-4.1-lang-2.46.3-150600.12.21.1

libjavascriptcoregtk-4_1-0-2.46.3-150600.12.21.1

libwebkit2gtk-4_1-0-2.46.3-150600.12.21.1

typelib-1_0-JavaScriptCore-4_1-2.46.3-150600.12.21.1

typelib-1_0-WebKit2-4_1-2.46.3-150600.12.21.1

typelib-1_0-WebKit2WebExtension-4_1-2.46.3-150600.12.21.1

webkit2gtk-4_1-injected-bundles-2.46.3-150600.12.21.1

webkit2gtk3-devel-2.46.3-150600.12.21.1

SUSE Linux Enterprise Module for Development Tools 15 SP6

typelib-1_0-JavaScriptCore-6_0-2.46.3-150600.12.21.1

typelib-1_0-WebKit-6_0-2.46.3-150600.12.21.1

typelib-1_0-WebKitWebProcessExtension-6_0-2.46.3-150600.12.21.1

webkit2gtk4-devel-2.46.3-150600.12.21.1

openSUSE Leap 15.6

WebKitGTK-4.0-lang-2.46.3-150600.12.21.1

WebKitGTK-4.1-lang-2.46.3-150600.12.21.1

WebKitGTK-6.0-lang-2.46.3-150600.12.21.1

libjavascriptcoregtk-4_0-18-2.46.3-150600.12.21.1

libjavascriptcoregtk-4_0-18-32bit-2.46.3-150600.12.21.1

libjavascriptcoregtk-4_1-0-2.46.3-150600.12.21.1

libjavascriptcoregtk-4_1-0-32bit-2.46.3-150600.12.21.1

libjavascriptcoregtk-6_0-1-2.46.3-150600.12.21.1

libwebkit2gtk-4_0-37-2.46.3-150600.12.21.1

libwebkit2gtk-4_0-37-32bit-2.46.3-150600.12.21.1

libwebkit2gtk-4_1-0-2.46.3-150600.12.21.1

libwebkit2gtk-4_1-0-32bit-2.46.3-150600.12.21.1

libwebkitgtk-6_0-4-2.46.3-150600.12.21.1

typelib-1_0-JavaScriptCore-4_0-2.46.3-150600.12.21.1

typelib-1_0-JavaScriptCore-4_1-2.46.3-150600.12.21.1

typelib-1_0-JavaScriptCore-6_0-2.46.3-150600.12.21.1

typelib-1_0-WebKit-6_0-2.46.3-150600.12.21.1

typelib-1_0-WebKit2-4_0-2.46.3-150600.12.21.1

typelib-1_0-WebKit2-4_1-2.46.3-150600.12.21.1

typelib-1_0-WebKit2WebExtension-4_0-2.46.3-150600.12.21.1

typelib-1_0-WebKit2WebExtension-4_1-2.46.3-150600.12.21.1

typelib-1_0-WebKitWebProcessExtension-6_0-2.46.3-150600.12.21.1

webkit-jsc-4-2.46.3-150600.12.21.1

webkit-jsc-4.1-2.46.3-150600.12.21.1

webkit-jsc-6.0-2.46.3-150600.12.21.1

webkit2gtk-4_0-injected-bundles-2.46.3-150600.12.21.1

webkit2gtk-4_1-injected-bundles-2.46.3-150600.12.21.1

webkit2gtk3-devel-2.46.3-150600.12.21.1

webkit2gtk3-minibrowser-2.46.3-150600.12.21.1

webkit2gtk3-soup2-devel-2.46.3-150600.12.21.1

webkit2gtk3-soup2-minibrowser-2.46.3-150600.12.21.1

webkit2gtk4-devel-2.46.3-150600.12.21.1

webkit2gtk4-minibrowser-2.46.3-150600.12.21.1

webkitgtk-6_0-injected-bundles-2.46.3-150600.12.21.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20244292-1/
Link for SUSE-SU-2024:4292-1
https://lists.suse.com/pipermail/sle-security-updates/2024-December/019980.html
E-Mail link for SUSE-SU-2024:4292-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1233631
SUSE Bug 1233631
https://bugzilla.suse.com/1233632
SUSE Bug 1233632
https://www.suse.com/security/cve/CVE-2024-44308/
SUSE CVE CVE-2024-44308 page
https://www.suse.com/security/cve/CVE-2024-44309/
SUSE CVE CVE-2024-44309 page

Описание

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.46.3-150600.12.21.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.46.3-150600.12.21.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.46.3-150600.12.21.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.46.3-150600.12.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-44308.html
CVE-2024-44308
https://bugzilla.suse.com/1233631
SUSE Bug 1233631

Описание

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.46.3-150600.12.21.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.46.3-150600.12.21.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.46.3-150600.12.21.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.46.3-150600.12.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-44309.html
CVE-2024-44309
https://bugzilla.suse.com/1233632
SUSE Bug 1233632

SUSE-SU-2024:4292-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP6

SUSE Linux Enterprise Module for Desktop Applications 15 SP6

SUSE Linux Enterprise Module for Development Tools 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-44308

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-44309

Описание

Затронутые продукты

Ссылки