Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2022:4285-1

UNKNOWN

Security update for webkit2gtk3

Published Nov 29, 2022

Modified 3 years ago

Fix available

Details

Security fixes:

CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121).
CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122).
CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123).
CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120).
CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124).

Update to version 2.38.2:

Fix scrolling issues in some sites having fixed background.
Fix prolonged buffering during progressive live playback.
Fix the build with accessibility disabled.
Fix several crashes and rendering issues.

Update to version 2.38.1:

Make xdg-dbus-proxy work if host session bus address is an abstract socket.
Use a single xdg-dbus-proxy process when sandbox is enabled.
Fix high resolution video playback due to unimplemented changeType operation.
Ensure GSubprocess uses posix_spawn() again and inherit file descriptors.
Fix player stucking in buffering (paused) state for progressive streaming.
Do not try to preconnect on link click when link preconnect setting is disabled.
Fix close status code returned when the client closes a WebSocket in some cases.
Fix media player duration calculation.
Fix several crashes and rendering issues.

Update to version 2.38.0:

New media controls UI style.
Add new API to set WebView's Content-Security-Policy for web extensions support.
Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var.
MediaSession is enabled by default, allowing remote media control using MPRIS.
Add support for PDF documents using PDF.js.

Affected Packages

SUSE:Enterprise Storage 7libjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-150200.54.2

SUSE:Enterprise Storage 7libwebkit2gtk-4_0-37

Fixed in:

2.38.2-150200.54.2

SUSE:Enterprise Storage 7libwebkit2gtk3-lang

Fixed in:

2.38.2-150200.54.2

SUSE:Enterprise Storage 7typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Enterprise Storage 7typelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Enterprise Storage 7typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Enterprise Storage 7webkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-150200.54.2

SUSE:Enterprise Storage 7webkit2gtk3

Fixed in:

2.38.2-150200.54.2

SUSE:Enterprise Storage 7webkit2gtk3-devel

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSlibjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSlibwebkit2gtk-4_0-37

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSlibwebkit2gtk3-lang

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOStypelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOStypelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOStypelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSwebkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSwebkit2gtk3

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSwebkit2gtk3-devel

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSlibjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSlibwebkit2gtk-4_0-37

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSlibwebkit2gtk3-lang

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSStypelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSStypelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSStypelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSwebkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSwebkit2gtk3

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSwebkit2gtk3-devel

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Module for Basesystem 15 SP3libjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Module for Basesystem 15 SP3libwebkit2gtk-4_0-37

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Module for Basesystem 15 SP3libwebkit2gtk3-lang

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Module for Basesystem 15 SP3webkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Module for Basesystem 15 SP3webkit2gtk3

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Module for Desktop Applications 15 SP3typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Module for Desktop Applications 15 SP3typelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Module for Desktop Applications 15 SP3typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Module for Desktop Applications 15 SP3webkit2gtk3

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Module for Desktop Applications 15 SP3webkit2gtk3-devel

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-BCLlibjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-BCLlibwebkit2gtk-4_0-37

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-BCLlibwebkit2gtk3-lang

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-BCLtypelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-BCLtypelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-BCLtypelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-BCLwebkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-BCLwebkit2gtk3

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-BCLwebkit2gtk3-devel

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-LTSSlibjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-LTSSlibwebkit2gtk-4_0-37

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-LTSSlibwebkit2gtk3-lang

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-LTSStypelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-LTSStypelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-LTSStypelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-LTSSwebkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-LTSSwebkit2gtk3

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server 15 SP2-LTSSwebkit2gtk3-devel

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2libjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2libwebkit2gtk-4_0-37

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2libwebkit2gtk3-lang

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2typelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2webkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2webkit2gtk3

Fixed in:

2.38.2-150200.54.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2webkit2gtk3-devel

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Proxy 4.1libjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Proxy 4.1libwebkit2gtk-4_0-37

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Proxy 4.1libwebkit2gtk3-lang

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Proxy 4.1typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Proxy 4.1typelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Proxy 4.1typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Proxy 4.1webkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Proxy 4.1webkit2gtk3

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Proxy 4.1webkit2gtk3-devel

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Retail Branch Server 4.1libjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Retail Branch Server 4.1libwebkit2gtk-4_0-37

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Retail Branch Server 4.1libwebkit2gtk3-lang

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Retail Branch Server 4.1typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Retail Branch Server 4.1typelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Retail Branch Server 4.1typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Retail Branch Server 4.1webkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Retail Branch Server 4.1webkit2gtk3

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Retail Branch Server 4.1webkit2gtk3-devel

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Server 4.1libjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Server 4.1libwebkit2gtk-4_0-37

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Server 4.1libwebkit2gtk3-lang

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Server 4.1typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Server 4.1typelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Server 4.1typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Server 4.1webkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Server 4.1webkit2gtk3

Fixed in:

2.38.2-150200.54.2

SUSE:Manager Server 4.1webkit2gtk3-devel

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3libjavascriptcoregtk-4_0-18

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3libjavascriptcoregtk-4_0-18-32bit

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3libwebkit2gtk-4_0-37

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3libwebkit2gtk-4_0-37-32bit

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3libwebkit2gtk3-lang

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3typelib-1_0-WebKit2-4_0

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3webkit-jsc-4

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3webkit2gtk-4_0-injected-bundles

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3webkit2gtk3

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3webkit2gtk3-devel

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.3webkit2gtk3-minibrowser

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.4libwebkit2gtk3-lang

Fixed in:

2.38.2-150200.54.2

openSUSE:Leap 15.4webkit2gtk3

Fixed in:

2.38.2-150200.54.2

References

REPORThttps://bugzilla.suse.com/1205120 REPORThttps://bugzilla.suse.com/1205121 REPORThttps://bugzilla.suse.com/1205122 REPORThttps://bugzilla.suse.com/1205123 REPORThttps://bugzilla.suse.com/1205124 WEBhttps://www.suse.com/security/cve/CVE-2022-32888 WEBhttps://www.suse.com/security/cve/CVE-2022-32923 WEBhttps://www.suse.com/security/cve/CVE-2022-42799 WEBhttps://www.suse.com/security/cve/CVE-2022-42823 WEBhttps://www.suse.com/security/cve/CVE-2022-42824 ADVISORYhttps://www.suse.com/support/update/announcement/2022/suse-su-20224285-1/

SUSE-SU-2022:4285-1 | Mondoo Vulnerability Intelligence