Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2023:3237-1

UNKNOWN

Security update for webkit2gtk3

Published Aug 8, 2023

Modified 2 years ago

Fix available

Details

This update for webkit2gtk3 fixes the following issues:

Update to version 2.40.5 (bsc#1213905):

CVE-2023-38133: Fixed information disclosure.
CVE-2023-38572: Fixed Same-Origin-Policy bypass.
CVE-2023-38592: Fixed arbitrary code execution.
CVE-2023-38594: Fixed arbitrary code execution.
CVE-2023-38595: Fixed arbitrary code execution.
CVE-2023-38597: Fixed arbitrary code execution.
CVE-2023-38599: Fixed sensitive user information tracking.
CVE-2023-38600: Fixed arbitrary code execution.
CVE-2023-38611: Fixed arbitrary code execution.

Update to version 2.40.3 (bsc#1212863):

CVE-2023-32439: Fixed a bug where processing maliciously crafted web content may lead to arbitrary code execution. (bsc#1212863)
CVE-2023-32435: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863)
CVE-2022-48503: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863)

Affected Packages

SUSE:Linux Enterprise Server 12 SP2-BCLlibjavascriptcoregtk-4_0-18

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP2-BCLlibwebkit2gtk-4_0-37

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP2-BCLlibwebkit2gtk3-lang

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP2-BCLtypelib-1_0-JavaScriptCore-4_0

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP2-BCLtypelib-1_0-WebKit2-4_0

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP2-BCLtypelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP2-BCLwebkit2gtk-4_0-injected-bundles

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP2-BCLwebkit2gtk3

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP2-BCLwebkit2gtk3-devel

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP5libjavascriptcoregtk-4_0-18

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP5libwebkit2gtk-4_0-37

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP5libwebkit2gtk3-lang

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP5typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP5typelib-1_0-WebKit2-4_0

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP5typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP5webkit2gtk-4_0-injected-bundles

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server 12 SP5webkit2gtk3

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5libjavascriptcoregtk-4_0-18

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5libwebkit2gtk-4_0-37

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5libwebkit2gtk3-lang

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5typelib-1_0-JavaScriptCore-4_0

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5typelib-1_0-WebKit2-4_0

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5webkit2gtk-4_0-injected-bundles

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Server for SAP Applications 12 SP5webkit2gtk3

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Software Development Kit 12 SP5typelib-1_0-WebKit2WebExtension-4_0

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Software Development Kit 12 SP5webkit2gtk3

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Software Development Kit 12 SP5webkit2gtk3-devel

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Workstation Extension 12 SP5libjavascriptcoregtk-4_0-18-32bit

Fixed in:

2.40.5-2.146.1

SUSE:Linux Enterprise Workstation Extension 12 SP5webkit2gtk3

Fixed in:

2.40.5-2.146.1

References

SUSE-SU-2023:3237-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2023:3237-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline