openSUSE: 2020:2304-1 important: webkit2gtk3
openSUSE: 2020:2304-1 important: webkit2gtk3
An update that fixes 5 vulnerabilities is now available.
openSUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2304-1 Rating: important References: #1171531 #1177087 #1179122 #1179451 Cross-References: CVE-2020-13543 CVE-2020-13584 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: -webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451): - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-9948: Fixed a type confusion which could have led to arbitrary code execution. - CVE-2021-9951: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-9983: Fixed an out of bounds write which could have led to arbitrary code execution. - Have the libwebkit2gtk package require libjavascriptcoregtk of the same version (bsc#1171531). - Enable c_loop on aarch64: currently needed for compilation to succeed with JIT disabled. Also disable sampling profiler, since it conflicts with c_loop (bsc#1177087). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2304=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): libjavascriptcoregtk-4_0-18-2.30.3-lp151.2.28.2 libjavascriptcoregtk-4_0-18-debuginfo-2.30.3-lp151.2.28.2 libwebkit2gtk-4_0-37-2.30.3-lp151.2.28.2 libwebkit2gtk-4_0-37-debuginfo-2.30.3-lp151.2.28.2 typelib-1_0-JavaScriptCore-4_0-2.30.3-lp151.2.28.2 typelib-1_0-WebKit2-4_0-2.30.3-lp151.2.28.2 typelib-1_0-WebKit2WebExtension-4_0-2.30.3-lp151.2.28.2 webkit-jsc-4-2.30.3-lp151.2.28.2 webkit-jsc-4-debuginfo-2.30.3-lp151.2.28.2 webkit2gtk-4_0-injected-bundles-2.30.3-lp151.2.28.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.30.3-lp151.2.28.2 webkit2gtk3-debugsource-2.30.3-lp151.2.28.2 webkit2gtk3-devel-2.30.3-lp151.2.28.2 webkit2gtk3-minibrowser-2.30.3-lp151.2.28.2 webkit2gtk3-minibrowser-debuginfo-2.30.3-lp151.2.28.2 - openSUSE Leap 15.1 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.30.3-lp151.2.28.2 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.30.3-lp151.2.28.2 libwebkit2gtk-4_0-37-32bit-2.30.3-lp151.2.28.2 libwebkit2gtk-4_0-37-32bit-debuginfo-2.30.3-lp151.2.28.2 - openSUSE Leap 15.1 (noarch): libwebkit2gtk3-lang-2.30.3-lp151.2.28.2 References: https://www.suse.com/security/cve/CVE-2020-13543.html https://www.suse.com/security/cve/CVE-2020-13584.html https://www.suse.com/security/cve/CVE-2020-9948.html https://www.suse.com/security/cve/CVE-2020-9951.html https://www.suse.com/security/cve/CVE-2020-9983.html https://bugzilla.suse.com/1171531 https://bugzilla.suse.com/1177087 https://bugzilla.suse.com/1179122 https://bugzilla.suse.com/1179451 _______________________________________________ openSUSE Security Announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe, email This email address is being protected from spambots. You need JavaScript enabled to view it. List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.