OPENSUSE-SU-2022:0705-1
Vulnerability Summary
Timeline
Description
Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 (bsc#1196133): - CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution. Update to version 2.34.5 (bsc#1195735): - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - CVE-2022-22590: A use after free issue was addressed with improved memory management. - CVE-2022-22592: A logic issue was addressed with improved state management. Update to version 2.34.4 (bsc#1195064): - CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. - CVE-2021-30936: A use after free issue was addressed with improved memory management. - CVE-2021-30951: A use after free issue was addressed with improved memory management. - CVE-2021-30952: An integer overflow was addressed with improved input validation. - CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking. - CVE-2021-30954: A type confusion issue was addressed with improved memory handling. - CVE-2021-30984: A race condition was addressed with improved state handling. - CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. The following CVEs were addressed in a previous update: - CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create. - CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild. - CVE-2021-45483: A use-after-free in WebCore::Frame::page.
Affected Systems
- opensuse•webkit2gtk3&distro=openSUSE Leap 15.3
< 2.34.6-29.1
References (18)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/
- https://bugzilla.suse.com/1195064
- https://bugzilla.suse.com/1195735
- https://bugzilla.suse.com/1196133
- https://www.suse.com/security/cve/CVE-2021-30934
- https://www.suse.com/security/cve/CVE-2021-30936
- https://www.suse.com/security/cve/CVE-2021-30951
- https://www.suse.com/security/cve/CVE-2021-30952
- https://www.suse.com/security/cve/CVE-2021-30953
- https://www.suse.com/security/cve/CVE-2021-30954
- https://www.suse.com/security/cve/CVE-2021-30984
- https://www.suse.com/security/cve/CVE-2021-45481
- https://www.suse.com/security/cve/CVE-2021-45482
- https://www.suse.com/security/cve/CVE-2021-45483
- https://www.suse.com/security/cve/CVE-2022-22589
- https://www.suse.com/security/cve/CVE-2022-22590
- https://www.suse.com/security/cve/CVE-2022-22592
- https://www.suse.com/security/cve/CVE-2022-22620