Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.4
- CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701)
- CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Список пакетов
openSUSE Leap 15.2
libjavascriptcoregtk-4_0-18-2.32.4-lp152.2.19.1
libjavascriptcoregtk-4_0-18-32bit-2.32.4-lp152.2.19.1
libwebkit2gtk-4_0-37-2.32.4-lp152.2.19.1
libwebkit2gtk-4_0-37-32bit-2.32.4-lp152.2.19.1
libwebkit2gtk3-lang-2.32.4-lp152.2.19.1
typelib-1_0-JavaScriptCore-4_0-2.32.4-lp152.2.19.1
typelib-1_0-WebKit2-4_0-2.32.4-lp152.2.19.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-lp152.2.19.1
webkit-jsc-4-2.32.4-lp152.2.19.1
webkit2gtk-4_0-injected-bundles-2.32.4-lp152.2.19.1
webkit2gtk3-devel-2.32.4-lp152.2.19.1
webkit2gtk3-minibrowser-2.32.4-lp152.2.19.1
Ссылки
- E-Mail link for openSUSE-SU-2021:1369-1
- SUSE Security Ratings
- SUSE Bug 1188697
- SUSE Bug 1190701
- SUSE CVE CVE-2021-21806 page
- SUSE CVE CVE-2021-30858 page
Описание
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.
Затронутые продукты
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.4-lp152.2.19.1
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.4-lp152.2.19.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.4-lp152.2.19.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.4-lp152.2.19.1
Ссылки
- CVE-2021-21806
- SUSE Bug 1188294
- SUSE Bug 1188697
Описание
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Затронутые продукты
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.4-lp152.2.19.1
openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.4-lp152.2.19.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.4-lp152.2.19.1
openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.4-lp152.2.19.1
Ссылки
- CVE-2021-30858
- SUSE Bug 1190701
- SUSE Bug 1191298
- SUSE Bug 1191301