SUSE-SU-2023:3233-1
Vulnerability Summary
Description
Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Update to version 2.40.5 (bsc#1213905):

- CVE-2023-38133: Fixed information disclosure.
- CVE-2023-38572: Fixed Same-Origin-Policy bypass.
- CVE-2023-38592: Fixed arbitrary code execution.
- CVE-2023-38594: Fixed arbitrary code execution.
- CVE-2023-38595: Fixed arbitrary code execution.
- CVE-2023-38597: Fixed arbitrary code execution.
- CVE-2023-38599: Fixed sensitive user information tracking.
- CVE-2023-38600: Fixed arbitrary code execution.
- CVE-2023-38611: Fixed arbitrary code execution.

Update to version 2.40.3 (bsc#1212863):

- CVE-2023-32439: Fixed a bug where processing maliciously crafted web content may lead to arbitrary code execution. (bsc#1212863)
- CVE-2023-32435: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863)
- CVE-2022-48503: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863)
Affected Systems
- suse•webkit2gtk3&distro=SUSE Enterprise Storage 7.1
< 2.40.5-150200.78.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
< 2.40.5-150200.78.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
< 2.40.5-150200.78.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 2.40.5-150200.78.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
< 2.40.5-150200.78.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 2.40.5-150200.78.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
< 2.40.5-150200.78.1
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
< 2.40.5-150200.78.1
- suse•webkit2gtk3&distro=SUSE Manager Proxy 4.2
< 2.40.5-150200.78.1
- suse•webkit2gtk3&distro=SUSE Manager Server 4.2
< 2.40.5-150200.78.1
References (15)
- https://www.suse.com/support/update/announcement/2023/suse-su-20233233-1/
- https://bugzilla.suse.com/1212863
- https://bugzilla.suse.com/1213905
- https://www.suse.com/security/cve/CVE-2022-48503
- https://www.suse.com/security/cve/CVE-2023-32435
- https://www.suse.com/security/cve/CVE-2023-32439
- https://www.suse.com/security/cve/CVE-2023-38133
- https://www.suse.com/security/cve/CVE-2023-38572
- https://www.suse.com/security/cve/CVE-2023-38592
- https://www.suse.com/security/cve/CVE-2023-38594
- https://www.suse.com/security/cve/CVE-2023-38595
- https://www.suse.com/security/cve/CVE-2023-38597
- https://www.suse.com/security/cve/CVE-2023-38599
- https://www.suse.com/security/cve/CVE-2023-38600
- https://www.suse.com/security/cve/CVE-2023-38611