Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

SUSE: 2021:2598-1 Crucial Memory Vulnerabilities in WebKit2gtk3 Identified

suse
Calendar Grey August 3, 2021
Dist Suse Esm H88
SUSE Security Update: Crucial fixes for webkit2gtk3 addressing multiple memory issues and security threats.
An update that fixes 13 vulnerabilities is now available

Summary

This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.3: - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-30663: An integer overflow was addressed with improved input

References

#1188697

Cross- CVE-2021-21775 CVE-2021-21779 CVE-2021-30663

CVE-2021-30665 CVE-2021-30689 CVE-2021-30720

CVE-2021-30734 CVE-2021-30744 CVE-2021-30749

CVE-2021-30758 CVE-2021-30795 CVE-2021-30797

CVE-2021-30799

CVSS scores:

CVE-2021-21775 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-21775 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-21779 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-21779 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-30749 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Module for Desktop Applications 15-SP3

SUSE Linux Enterprise Module for Desktop Applications 15-SP2

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2598-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.