openSUSE-SU-2021:0637-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0637-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0637-1
- Related
- Published
- 2021-04-30T19:23:01Z
- Modified
- 2021-04-30T19:23:01Z
- Summary
- Security update for webkit2gtk3
- Details
-
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.0 (bsc#1184155):
- Fix the authentication request port when URL omits the port.
- Fix iframe scrolling when main frame is scrolled in async
- scrolling mode.
- Stop using g_memdup.
- Show a warning message when overriding signal handler for
- threading suspension.
- Fix the build on RISC-V with GCC 11.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871
- Update in version 2.30.6 (bsc#1184262):
- Update user agent quirks again for Google Docs and Google Drive.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.
- Update _constraints for armv6/armv7 (bsc#1182719)
- restore NPAPI plugin support which was removed in 2.32.0
This update was imported from the SUSE:SLE-15-SP2:Update update project.
- Update to version 2.32.0 (bsc#1184155):
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/
- https://bugzilla.suse.com/1182719
- https://bugzilla.suse.com/1184155
- https://bugzilla.suse.com/1184262
- https://www.suse.com/security/cve/CVE-2020-27918
- https://www.suse.com/security/cve/CVE-2020-29623
- https://www.suse.com/security/cve/CVE-2021-1765
- https://www.suse.com/security/cve/CVE-2021-1788
- https://www.suse.com/security/cve/CVE-2021-1789
- https://www.suse.com/security/cve/CVE-2021-1799
- https://www.suse.com/security/cve/CVE-2021-1801
- https://www.suse.com/security/cve/CVE-2021-1844
- https://www.suse.com/security/cve/CVE-2021-1870
- https://www.suse.com/security/cve/CVE-2021-1871
Affected packages
openSUSE:Leap 15.2 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- purl:rpm/suse/webkit2gtk3&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.32.0-lp152.2.13.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.32.0-lp152.2.13.1",
"typelib-1_0-JavaScriptCore-4_0": "2.32.0-lp152.2.13.1",
"libjavascriptcoregtk-4_0-18": "2.32.0-lp152.2.13.1",
"webkit2gtk3-minibrowser": "2.32.0-lp152.2.13.1",
"libwebkit2gtk-4_0-37-32bit": "2.32.0-lp152.2.13.1",
"webkit-jsc-4": "2.32.0-lp152.2.13.1",
"libwebkit2gtk-4_0-37": "2.32.0-lp152.2.13.1",
"webkit2gtk-4_0-injected-bundles": "2.32.0-lp152.2.13.1",
"libwebkit2gtk3-lang": "2.32.0-lp152.2.13.1",
"libjavascriptcoregtk-4_0-18-32bit": "2.32.0-lp152.2.13.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.32.0-lp152.2.13.1",
"webkit2gtk3-devel": "2.32.0-lp152.2.13.1"
}
]
}