SUSE-SU-2021:2598-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:2598-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2021:2598-1
- Related
- Published
- 2021-08-03T12:38:53Z
- Modified
- 2021-08-03T12:38:53Z
- Summary
- Security update for webkit2gtk3
- Details
-
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.3:
- CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
- CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697)
- CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697)
- CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697)
- CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697)
- CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697)
- CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
- CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697)
- CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
- CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697)
- CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697)
- CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697)
- CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697)
- References
-
- https://www.suse.com/support/update/announcement/2021/suse-su-20212598-1/
- https://bugzilla.suse.com/1188697
- https://www.suse.com/security/cve/CVE-2021-21775
- https://www.suse.com/security/cve/CVE-2021-21779
- https://www.suse.com/security/cve/CVE-2021-30663
- https://www.suse.com/security/cve/CVE-2021-30665
- https://www.suse.com/security/cve/CVE-2021-30689
- https://www.suse.com/security/cve/CVE-2021-30720
- https://www.suse.com/security/cve/CVE-2021-30734
- https://www.suse.com/security/cve/CVE-2021-30744
- https://www.suse.com/security/cve/CVE-2021-30749
- https://www.suse.com/security/cve/CVE-2021-30758
- https://www.suse.com/security/cve/CVE-2021-30795
- https://www.suse.com/security/cve/CVE-2021-30797
- https://www.suse.com/security/cve/CVE-2021-30799
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP2 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
SUSE:Linux Enterprise Module for Basesystem 15 SP3 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
SUSE:Linux Enterprise Module for Desktop Applications 15 SP2 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2