Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2021:0637-1

Опубликовано: 30 апр. 2021
Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

  • Update to version 2.32.0 (bsc#1184155):
    • Fix the authentication request port when URL omits the port.
    • Fix iframe scrolling when main frame is scrolled in async
    • scrolling mode.
    • Stop using g_memdup.
    • Show a warning message when overriding signal handler for
    • threading suspension.
    • Fix the build on RISC-V with GCC 11.
    • Fix several crashes and rendering issues.
    • Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871
  • Update in version 2.30.6 (bsc#1184262):
    • Update user agent quirks again for Google Docs and Google Drive.
    • Fix several crashes and rendering issues.
    • Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.
  • Update _constraints for armv6/armv7 (bsc#1182719)
  • restore NPAPI plugin support which was removed in 2.32.0

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2
libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1
libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1
libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1
libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1
libwebkit2gtk3-lang-2.32.0-lp152.2.13.1
typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1
typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1
webkit-jsc-4-2.32.0-lp152.2.13.1
webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1
webkit2gtk3-devel-2.32.0-lp152.2.13.1
webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1

Ссылки

Описание

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1
Ссылки

Описание

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.

Затронутые продукты
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1
Ссылки

Описание

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

Затронутые продукты
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1
Ссылки

Описание

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1
Ссылки

Описание

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1
Ссылки

Описание

A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.

Затронутые продукты
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1
Ссылки

Описание

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.

Затронутые продукты
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1
Ссылки

Описание

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Затронутые продукты
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1
Ссылки

Описание

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Затронутые продукты
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1
Ссылки

Описание

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Затронутые продукты
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1
Ссылки