SUSE-SU-2024:0545-1
Vulnerability Summary
Timeline
Description
Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: Update to version 2.42.5 (bsc#1219604): - CVE-2024-23222: Fixed processing maliciously crafted web content that may have led to arbitrary code execution (bsc#1219113). - CVE-2024-23206: Fixed fingerprint user via maliciously crafted webpages (bsc#1219604). - CVE-2024-23213: Fixed processing web content that may have led to arbitrary code execution (bsc#1219604). - CVE-2023-40414: Fixed processing web content that may have led to arbitrary code execution (bsc#1219604). - CVE-2014-1745: Fixed denial-of-service or potentially disclose memory contents while processing maliciously crafted files (bsc#1219604). - CVE-2023-42833: Fixed processing web content that may have led to arbitrary code execution (bsc#1219604).
Affected Systems
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Server 12 SP5
< 2.42.5-2.168.2
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
< 2.42.5-2.168.2
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
< 2.42.5-2.168.2
- suse•webkit2gtk3&distro=SUSE Linux Enterprise Workstation Extension 12 SP5
< 2.42.5-2.168.2
References (9)
- https://www.suse.com/support/update/announcement/2024/suse-su-20240545-1/
- https://bugzilla.suse.com/1219113
- https://bugzilla.suse.com/1219604
- https://www.suse.com/security/cve/CVE-2014-1745
- https://www.suse.com/security/cve/CVE-2023-40414
- https://www.suse.com/security/cve/CVE-2023-42833
- https://www.suse.com/security/cve/CVE-2024-23206
- https://www.suse.com/security/cve/CVE-2024-23213
- https://www.suse.com/security/cve/CVE-2024-23222