Oval Definition:oval:org.opensuse.security:def:101647
Revision Date:2022-03-04Version:1
Title:Security update for webkit2gtk3 (Important)
Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.34.6 (bsc#1196133):

- CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution.

Update to version 2.34.5 (bsc#1195735):

- CVE-2022-22589: A validation issue was addressed with improved input sanitization. - CVE-2022-22590: A use after free issue was addressed with improved memory management. - CVE-2022-22592: A logic issue was addressed with improved state management.

Update to version 2.34.4 (bsc#1195064):

- CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. - CVE-2021-30936: A use after free issue was addressed with improved memory management. - CVE-2021-30951: A use after free issue was addressed with improved memory management. - CVE-2021-30952: An integer overflow was addressed with improved input validation. - CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking. - CVE-2021-30954: A type confusion issue was addressed with improved memory handling. - CVE-2021-30984: A race condition was addressed with improved state handling. - CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation.

The following CVEs were addressed in a previous update:

- CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create. - CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild. - CVE-2021-45483: A use-after-free in WebCore::Frame::page.
Family:unixClass:patch
Status:Reference(s):1192717
1195064
1195735
1196133
CVE-2021-30934
CVE-2021-30936
CVE-2021-30951
CVE-2021-30952
CVE-2021-30953
CVE-2021-30954
CVE-2021-30984
CVE-2021-43618
CVE-2021-45481
CVE-2021-45482
CVE-2021-45483
CVE-2022-22589
CVE-2022-22590
CVE-2022-22592
CVE-2022-22620
SUSE-SU-2021:3946-1
SUSE-SU-2022:0705-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
  • AND Package Information
  • gmp-devel-32bit-6.1.2-4.9.1 is installed
  • OR libgmpxx4-32bit-6.1.2-4.9.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Storage 7.1 is installed
  • OR SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.34.6-29.1 is installed
  • OR libwebkit2gtk-4_0-37-2.34.6-29.1 is installed
  • OR libwebkit2gtk3-lang-2.34.6-29.1 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.34.6-29.1 is installed
    • BACK