SUSE-SU-2022:0705-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:0705-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:0705-1
- Related
- Published
- 2022-03-04T06:45:46Z
- Modified
- 2022-03-04T06:45:46Z
- Summary
- Security update for webkit2gtk3
- Details
-
This update for webkit2gtk3 fixes the following issues:
Update to version 2.34.6 (bsc#1196133):
- CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution.
Update to version 2.34.5 (bsc#1195735):
- CVE-2022-22589: A validation issue was addressed with improved input sanitization.
- CVE-2022-22590: A use after free issue was addressed with improved memory management.
- CVE-2022-22592: A logic issue was addressed with improved state management.
Update to version 2.34.4 (bsc#1195064):
- CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling.
- CVE-2021-30936: A use after free issue was addressed with improved memory management.
- CVE-2021-30951: A use after free issue was addressed with improved memory management.
- CVE-2021-30952: An integer overflow was addressed with improved input validation.
- CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-30954: A type confusion issue was addressed with improved memory handling.
- CVE-2021-30984: A race condition was addressed with improved state handling.
- CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation.
The following CVEs were addressed in a previous update:
- CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create.
- CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild.
- CVE-2021-45483: A use-after-free in WebCore::Frame::page.
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20220705-1/
- https://bugzilla.suse.com/1195064
- https://bugzilla.suse.com/1195735
- https://bugzilla.suse.com/1196133
- https://www.suse.com/security/cve/CVE-2021-30934
- https://www.suse.com/security/cve/CVE-2021-30936
- https://www.suse.com/security/cve/CVE-2021-30951
- https://www.suse.com/security/cve/CVE-2021-30952
- https://www.suse.com/security/cve/CVE-2021-30953
- https://www.suse.com/security/cve/CVE-2021-30954
- https://www.suse.com/security/cve/CVE-2021-30984
- https://www.suse.com/security/cve/CVE-2021-45481
- https://www.suse.com/security/cve/CVE-2021-45482
- https://www.suse.com/security/cve/CVE-2021-45483
- https://www.suse.com/security/cve/CVE-2022-22589
- https://www.suse.com/security/cve/CVE-2022-22590
- https://www.suse.com/security/cve/CVE-2022-22592
- https://www.suse.com/security/cve/CVE-2022-22620
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP3 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
SUSE:Linux Enterprise Module for Desktop Applications 15 SP3 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3
SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOS / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.6-29.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.34.6-29.1",
"typelib-1_0-JavaScriptCore-4_0": "2.34.6-29.1",
"libjavascriptcoregtk-4_0-18": "2.34.6-29.1",
"webkit2gtk-4_0-injected-bundles": "2.34.6-29.1",
"libwebkit2gtk-4_0-37": "2.34.6-29.1",
"libwebkit2gtk3-lang": "2.34.6-29.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.6-29.1",
"webkit2gtk3-devel": "2.34.6-29.1"
}
]
}
SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.6-29.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.34.6-29.1",
"typelib-1_0-JavaScriptCore-4_0": "2.34.6-29.1",
"libjavascriptcoregtk-4_0-18": "2.34.6-29.1",
"webkit2gtk-4_0-injected-bundles": "2.34.6-29.1",
"libwebkit2gtk-4_0-37": "2.34.6-29.1",
"libwebkit2gtk3-lang": "2.34.6-29.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.6-29.1",
"webkit2gtk3-devel": "2.34.6-29.1"
}
]
}
SUSE:Linux Enterprise Real Time 15 SP2 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.6-29.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.34.6-29.1",
"typelib-1_0-JavaScriptCore-4_0": "2.34.6-29.1",
"libjavascriptcoregtk-4_0-18": "2.34.6-29.1",
"webkit2gtk-4_0-injected-bundles": "2.34.6-29.1",
"libwebkit2gtk-4_0-37": "2.34.6-29.1",
"libwebkit2gtk3-lang": "2.34.6-29.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.6-29.1",
"webkit2gtk3-devel": "2.34.6-29.1"
}
]
}
SUSE:Linux Enterprise Server 15 SP2-BCL / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.6-29.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.34.6-29.1",
"typelib-1_0-JavaScriptCore-4_0": "2.34.6-29.1",
"libjavascriptcoregtk-4_0-18": "2.34.6-29.1",
"webkit2gtk-4_0-injected-bundles": "2.34.6-29.1",
"libwebkit2gtk-4_0-37": "2.34.6-29.1",
"libwebkit2gtk3-lang": "2.34.6-29.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.6-29.1",
"webkit2gtk3-devel": "2.34.6-29.1"
}
]
}
SUSE:Linux Enterprise Server 15 SP2-LTSS / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.6-29.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.34.6-29.1",
"typelib-1_0-JavaScriptCore-4_0": "2.34.6-29.1",
"libjavascriptcoregtk-4_0-18": "2.34.6-29.1",
"webkit2gtk-4_0-injected-bundles": "2.34.6-29.1",
"libwebkit2gtk-4_0-37": "2.34.6-29.1",
"libwebkit2gtk3-lang": "2.34.6-29.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.6-29.1",
"webkit2gtk3-devel": "2.34.6-29.1"
}
]
}
SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.6-29.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.34.6-29.1",
"typelib-1_0-JavaScriptCore-4_0": "2.34.6-29.1",
"libjavascriptcoregtk-4_0-18": "2.34.6-29.1",
"webkit2gtk-4_0-injected-bundles": "2.34.6-29.1",
"libwebkit2gtk-4_0-37": "2.34.6-29.1",
"libwebkit2gtk3-lang": "2.34.6-29.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.6-29.1",
"webkit2gtk3-devel": "2.34.6-29.1"
}
]
}
SUSE:Manager Proxy 4.1 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Manager%20Proxy%204.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.6-29.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.34.6-29.1",
"typelib-1_0-JavaScriptCore-4_0": "2.34.6-29.1",
"libjavascriptcoregtk-4_0-18": "2.34.6-29.1",
"webkit2gtk-4_0-injected-bundles": "2.34.6-29.1",
"libwebkit2gtk-4_0-37": "2.34.6-29.1",
"libwebkit2gtk3-lang": "2.34.6-29.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.6-29.1",
"webkit2gtk3-devel": "2.34.6-29.1"
}
]
}
SUSE:Manager Retail Branch Server 4.1 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.6-29.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.34.6-29.1",
"typelib-1_0-JavaScriptCore-4_0": "2.34.6-29.1",
"libjavascriptcoregtk-4_0-18": "2.34.6-29.1",
"webkit2gtk-4_0-injected-bundles": "2.34.6-29.1",
"libwebkit2gtk-4_0-37": "2.34.6-29.1",
"libwebkit2gtk3-lang": "2.34.6-29.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.6-29.1",
"webkit2gtk3-devel": "2.34.6-29.1"
}
]
}
SUSE:Manager Server 4.1 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Manager%20Server%204.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.6-29.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.34.6-29.1",
"typelib-1_0-JavaScriptCore-4_0": "2.34.6-29.1",
"libjavascriptcoregtk-4_0-18": "2.34.6-29.1",
"webkit2gtk-4_0-injected-bundles": "2.34.6-29.1",
"libwebkit2gtk-4_0-37": "2.34.6-29.1",
"libwebkit2gtk3-lang": "2.34.6-29.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.6-29.1",
"webkit2gtk3-devel": "2.34.6-29.1"
}
]
}
SUSE:Enterprise Storage 7 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=SUSE%20Enterprise%20Storage%207
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.6-29.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.34.6-29.1",
"typelib-1_0-JavaScriptCore-4_0": "2.34.6-29.1",
"libjavascriptcoregtk-4_0-18": "2.34.6-29.1",
"webkit2gtk-4_0-injected-bundles": "2.34.6-29.1",
"libwebkit2gtk-4_0-37": "2.34.6-29.1",
"libwebkit2gtk3-lang": "2.34.6-29.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.34.6-29.1",
"webkit2gtk3-devel": "2.34.6-29.1"
}
]
}