openSUSE: 2020:2304-1 important: webkit2gtk3
openSUSE: 2020:2304-1 important: webkit2gtk3
An update that fixes 5 vulnerabilities is now available.
openSUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:2304-1
Rating: important
References: #1171531 #1177087 #1179122 #1179451
Cross-References: CVE-2020-13543 CVE-2020-13584 CVE-2020-9948
CVE-2020-9951 CVE-2020-9983
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451):
- CVE-2021-13543: Fixed a use after free which could have led to
arbitrary code execution.
- CVE-2021-13584: Fixed a use after free which could have led to
arbitrary code execution.
- CVE-2021-9948: Fixed a type confusion which could have led to
arbitrary code execution.
- CVE-2021-9951: Fixed a use after free which could have led to
arbitrary code execution.
- CVE-2021-9983: Fixed an out of bounds write which could have led to
arbitrary code execution.
- Have the libwebkit2gtk package require libjavascriptcoregtk of the
same version (bsc#1171531).
- Enable c_loop on aarch64: currently needed for compilation to succeed
with JIT disabled. Also disable sampling profiler, since it conflicts
with c_loop (bsc#1177087).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-2304=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
libjavascriptcoregtk-4_0-18-2.30.3-lp151.2.28.2
libjavascriptcoregtk-4_0-18-debuginfo-2.30.3-lp151.2.28.2
libwebkit2gtk-4_0-37-2.30.3-lp151.2.28.2
libwebkit2gtk-4_0-37-debuginfo-2.30.3-lp151.2.28.2
typelib-1_0-JavaScriptCore-4_0-2.30.3-lp151.2.28.2
typelib-1_0-WebKit2-4_0-2.30.3-lp151.2.28.2
typelib-1_0-WebKit2WebExtension-4_0-2.30.3-lp151.2.28.2
webkit-jsc-4-2.30.3-lp151.2.28.2
webkit-jsc-4-debuginfo-2.30.3-lp151.2.28.2
webkit2gtk-4_0-injected-bundles-2.30.3-lp151.2.28.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.30.3-lp151.2.28.2
webkit2gtk3-debugsource-2.30.3-lp151.2.28.2
webkit2gtk3-devel-2.30.3-lp151.2.28.2
webkit2gtk3-minibrowser-2.30.3-lp151.2.28.2
webkit2gtk3-minibrowser-debuginfo-2.30.3-lp151.2.28.2
- openSUSE Leap 15.1 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.30.3-lp151.2.28.2
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.30.3-lp151.2.28.2
libwebkit2gtk-4_0-37-32bit-2.30.3-lp151.2.28.2
libwebkit2gtk-4_0-37-32bit-debuginfo-2.30.3-lp151.2.28.2
- openSUSE Leap 15.1 (noarch):
libwebkit2gtk3-lang-2.30.3-lp151.2.28.2
References:
https://www.suse.com/security/cve/CVE-2020-13543.html
https://www.suse.com/security/cve/CVE-2020-13584.html
https://www.suse.com/security/cve/CVE-2020-9948.html
https://www.suse.com/security/cve/CVE-2020-9951.html
https://www.suse.com/security/cve/CVE-2020-9983.html
https://bugzilla.suse.com/1171531
https://bugzilla.suse.com/1177087
https://bugzilla.suse.com/1179122
https://bugzilla.suse.com/1179451
_______________________________________________
openSUSE Security Announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
To unsubscribe, email This email address is being protected from spambots. You need JavaScript enabled to view it.
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
