SUSE-SU-2023:2606-1

UNKNOWN

Security update for webkit2gtk3

Published Jun 22, 2023

Modified 2 years ago

Fix available

Details

This update for webkit2gtk3 fixes the following issues:

Add security patches (bsc#1211846):

CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659).
CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658).

Affected Packages

libjavascriptcoregtk-4_0-18

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.38.6-2.139.1

libwebkit2gtk-4_0-37

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.38.6-2.139.1

libwebkit2gtk3-lang

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.38.6-2.139.1

typelib-1_0-JavaScriptCore-4_0

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.38.6-2.139.1

typelib-1_0-WebKit2-4_0

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.38.6-2.139.1

typelib-1_0-WebKit2WebExtension-4_0

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.38.6-2.139.1

webkit2gtk-4_0-injected-bundles

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.38.6-2.139.1

webkit2gtk3

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4

Fixed in:

2.38.6-2.139.1

webkit2gtk3-devel

SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Software Development Kit 12 SP5

Fixed in:

2.38.6-2.139.1

References

https://bugzilla.suse.com/1211658

https://bugzilla.suse.com/1211659

https://bugzilla.suse.com/1211846

https://www.suse.com/security/cve/CVE-2023-28204

https://www.suse.com/security/cve/CVE-2023-32373

https://www.suse.com/support/update/announcement/2023/suse-su-20232606-1/

Upstream

CVE-2023-28204 CVE-2023-32373

Related

CVE-2023-28204 CVE-2023-32373

Ecosystems(9)

SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4

Timeline

PublishedJun 22, 2023

ModifiedJun 22, 2023

SUSE-SU-2023:2606-1 | Mondoo Vulnerability Intelligence