Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2022:4283-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2022:4283-1

UNKNOWN

Security update for webkit2gtk3

Published Nov 29, 2022

Modified 3 years ago

Fix available

Details

Security fixes:

CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121).
CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122).
CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123).
CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120).
CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124).

Update to version 2.38.2:

Fix scrolling issues in some sites having fixed background.
Fix prolonged buffering during progressive live playback.
Fix the build with accessibility disabled.
Fix several crashes and rendering issues.

Update to version 2.38.1:

Make xdg-dbus-proxy work if host session bus address is an abstract socket.
Use a single xdg-dbus-proxy process when sandbox is enabled.
Fix high resolution video playback due to unimplemented changeType operation.
Ensure GSubprocess uses posix_spawn() again and inherit file descriptors.
Fix player stucking in buffering (paused) state for progressive streaming.
Do not try to preconnect on link click when link preconnect setting is disabled.
Fix close status code returned when the client closes a WebSocket in some cases.
Fix media player duration calculation.
Fix several crashes and rendering issues.

Update to version 2.38.0:

New media controls UI style.
Add new API to set WebView's Content-Security-Policy for web extensions support.
Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var.
MediaSession is enabled by default, allowing remote media control using MPRIS.
Add support for PDF documents using PDF.js.

Affected Packages

SUSE:Linux Enterprise Server 12 SP2-BCLlibjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP2-BCLlibwebkit2gtk-4_0-37

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP2-BCLlibwebkit2gtk3-lang

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP2-BCLtypelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP2-BCLtypelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP2-BCLtypelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP2-BCLwebkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP2-BCLwebkit2gtk3

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP2-BCLwebkit2gtk3-devel

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP3-BCLlibjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP3-BCLlibwebkit2gtk-4_0-37

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP3-BCLtypelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP3-BCLtypelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP3-BCLwebkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP3-BCLwebkit2gtk3

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP4-LTSSlibjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP4-LTSSlibwebkit2gtk-4_0-37

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP4-LTSSlibwebkit2gtk3-lang

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP4-LTSStypelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP4-LTSStypelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP4-LTSStypelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP4-LTSSwebkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP4-LTSSwebkit2gtk3

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP5libjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP5libwebkit2gtk-4_0-37

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP5libwebkit2gtk3-lang

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP5typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP5typelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP5typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP5webkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server 12 SP5webkit2gtk3

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP4libjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP4libwebkit2gtk-4_0-37

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP4libwebkit2gtk3-lang

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP4typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP4typelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP4typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP4webkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP4webkit2gtk3

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5libjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5libwebkit2gtk-4_0-37

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5libwebkit2gtk3-lang

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5typelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5webkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5webkit2gtk3

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Software Development Kit 12 SP5typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Software Development Kit 12 SP5webkit2gtk3

Fixed in:

2.38.2-2.120.1

SUSE:Linux Enterprise Software Development Kit 12 SP5webkit2gtk3-devel

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud 9libjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud 9libwebkit2gtk-4_0-37

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud 9libwebkit2gtk3-lang

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud 9typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud 9typelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud 9typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud 9webkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud 9webkit2gtk3

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud Crowbar 9libjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud Crowbar 9libwebkit2gtk-4_0-37

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud Crowbar 9libwebkit2gtk3-lang

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud Crowbar 9typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud Crowbar 9typelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud Crowbar 9typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud Crowbar 9webkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-2.120.1

SUSE:OpenStack Cloud Crowbar 9webkit2gtk3

Fixed in:

2.38.2-2.120.1

References

REPORThttps://bugzilla.suse.com/1205120 REPORThttps://bugzilla.suse.com/1205121 REPORThttps://bugzilla.suse.com/1205122 REPORThttps://bugzilla.suse.com/1205123 REPORThttps://bugzilla.suse.com/1205124 WEBhttps://www.suse.com/security/cve/CVE-2022-32888 WEBhttps://www.suse.com/security/cve/CVE-2022-32923 WEBhttps://www.suse.com/security/cve/CVE-2022-42799 WEBhttps://www.suse.com/security/cve/CVE-2022-42823 WEBhttps://www.suse.com/security/cve/CVE-2022-42824 ADVISORYhttps://www.suse.com/support/update/announcement/2022/suse-su-20224283-1/

Upstream

CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824

Related

CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824

Ecosystems

SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9

Timeline

PublishedNov 29, 2022

ModifiedNov 29, 2022