Security: Multiple issues in webkit2gtk3
Name: Multiple issues in webkit2gtk3
ID: SUSE-SU-2024:0545-1
Distribution: SUSE
Platforms: SUSE Linux Enterprise Server 12 SP5, SUSE Linux Enterprise High Performance Computing 12 SP5, SUSE Linux Enterprise Server for SAP Applications 12 SP5, SUSE Linux Enterprise Software Development Kit 12 SP5, SUSE Linux Enterprise Workstation Extension 12 12-SP5
Date: Tue, 20 February 2024, 19:23
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
Applications: WebKitGTK

Original message

# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2024:0545-1
Rating: important
References:

* bsc#1219113
* bsc#1219604


Cross-References:

* CVE-2014-1745
* CVE-2023-40414
* CVE-2023-42833
* CVE-2024-23206
* CVE-2024-23213
* CVE-2024-23222


CVSS scores:

* CVE-2023-40414 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-40414 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-42833 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-42833 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23206 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-23206 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-23213 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23213 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23222 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23222 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H


Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5



An update that solves six vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.42.5 (bsc#1219604):

* CVE-2024-23222: Fixed processing of maliciously crafted web content that may
  have led to arbitrary code execution (bsc#1219113).
* CVE-2024-23206: Fixed an issue that allowed maliciously crafted webpages to
  fingerprint the user (bsc#1219604).
* CVE-2024-23213: Fixed processing of web content that may have led to arbitrary
  code execution (bsc#1219604).
* CVE-2023-40414: Fixed processing of web content that may have led to arbitrary
  code execution (bsc#1219604).
* CVE-2014-1745: Fixed a denial of service or potential disclosure of memory
  contents while processing maliciously crafted files (bsc#1219604).
* CVE-2023-42833: Fixed processing of web content that may have led to arbitrary
  code execution (bsc#1219604).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  `zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-545=1`

* SUSE Linux Enterprise Server 12 SP5
  `zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-545=1`

* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  `zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-545=1`

* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  `zypper in -t patch SUSE-SLE-WE-12-SP5-2024-545=1`

* SUSE Linux Enterprise Software Development Kit 12 SP5
  `zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-545=1`

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libwebkit2gtk-4_0-37-2.42.5-2.168.2
  * libwebkit2gtk-4_0-37-debuginfo-2.42.5-2.168.2
  * typelib-1_0-JavaScriptCore-4_0-2.42.5-2.168.2
  * typelib-1_0-WebKit2-4_0-2.42.5-2.168.2
  * libjavascriptcoregtk-4_0-18-2.42.5-2.168.2
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-2.168.2
  * typelib-1_0-WebKit2WebExtension-4_0-2.42.5-2.168.2
  * libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-2.168.2
  * webkit2gtk-4_0-injected-bundles-2.42.5-2.168.2
  * webkit2gtk3-debugsource-2.42.5-2.168.2
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * libwebkit2gtk3-lang-2.42.5-2.168.2
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libwebkit2gtk-4_0-37-2.42.5-2.168.2
  * libwebkit2gtk-4_0-37-debuginfo-2.42.5-2.168.2
  * typelib-1_0-JavaScriptCore-4_0-2.42.5-2.168.2
  * typelib-1_0-WebKit2-4_0-2.42.5-2.168.2
  * libjavascriptcoregtk-4_0-18-2.42.5-2.168.2
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-2.168.2
  * typelib-1_0-WebKit2WebExtension-4_0-2.42.5-2.168.2
  * libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-2.168.2
  * webkit2gtk-4_0-injected-bundles-2.42.5-2.168.2
  * webkit2gtk3-debugsource-2.42.5-2.168.2
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * libwebkit2gtk3-lang-2.42.5-2.168.2
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libwebkit2gtk-4_0-37-2.42.5-2.168.2
  * libwebkit2gtk-4_0-37-debuginfo-2.42.5-2.168.2
  * typelib-1_0-JavaScriptCore-4_0-2.42.5-2.168.2
  * typelib-1_0-WebKit2-4_0-2.42.5-2.168.2
  * libjavascriptcoregtk-4_0-18-2.42.5-2.168.2
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.5-2.168.2
  * typelib-1_0-WebKit2WebExtension-4_0-2.42.5-2.168.2
  * libjavascriptcoregtk-4_0-18-debuginfo-2.42.5-2.168.2
  * webkit2gtk-4_0-injected-bundles-2.42.5-2.168.2
  * webkit2gtk3-debugsource-2.42.5-2.168.2
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * libwebkit2gtk3-lang-2.42.5-2.168.2
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * libjavascriptcoregtk-4_0-18-32bit-2.42.5-2.168.2
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * webkit2gtk3-debugsource-2.42.5-2.168.2
  * typelib-1_0-WebKit2WebExtension-4_0-2.42.5-2.168.2
  * webkit2gtk3-devel-2.42.5-2.168.2
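
A post-patch check for the package list above, added here as an example and not part of the SUSE advisory: it flags any WebKitGTK package from the list that is still below the fixed version-release 2.42.5-2.168.2. The function names and the sample input are constructed, and GNU `sort -V` is assumed as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="2.42.5-2.168.2"

# is_older A B: succeeds when A sorts strictly before B.
# Assumption: GNU `sort -V` approximates RPM's version comparison here.
is_older() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_webkit: reads "name version-release" lines on stdin and reports
# every package named in the advisory that is still below FIXED.
# Debuginfo and debugsource packages are left out of the check.
audit_webkit() {
    while read -r name evr; do
        case "$name" in
            libwebkit2gtk-4_0-37|libwebkit2gtk3-lang|webkit2gtk3-devel|\
            libjavascriptcoregtk-4_0-18|libjavascriptcoregtk-4_0-18-32bit|\
            webkit2gtk-4_0-injected-bundles|typelib-1_0-JavaScriptCore-4_0|\
            typelib-1_0-WebKit2-4_0|typelib-1_0-WebKit2WebExtension-4_0)
                if is_older "$evr" "$FIXED"; then
                    echo "NEEDS-UPDATE $name $evr"
                fi
                ;;
        esac
    done
}

# Constructed sample in the shape of
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
# The older version-release strings are made up for illustration.
SAMPLE='libwebkit2gtk-4_0-37 2.42.4-2.165.1
libjavascriptcoregtk-4_0-18 2.42.5-2.168.2
typelib-1_0-WebKit2-4_0 2.38.6-2.141.1
bash 4.3-83.23.1'

printf '%s\n' "$SAMPLE" | audit_webkit
# On a real host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_webkit
```

An empty result on a patched host means every listed package is at or above the fixed version; long-running applications that loaded the old libraries still need a restart to pick up the update.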

## References:

* https://www.suse.com/security/cve/CVE-2014-1745.html
* https://www.suse.com/security/cve/CVE-2023-40414.html
* https://www.suse.com/security/cve/CVE-2023-42833.html
* https://www.suse.com/security/cve/CVE-2024-23206.html
* https://www.suse.com/security/cve/CVE-2024-23213.html
* https://www.suse.com/security/cve/CVE-2024-23222.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219113
* https://bugzilla.suse.com/show_bug.cgi?id=1219604

