Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

SUSE: 2021:2600-1 Critical Memory Issues in Webkit2gtk3

suse
Calendar Grey August 3, 2021
Dist Suse Esm H88
Vital SUSE patch addresses several memory vulnerabilities in webkit2gtk3. Safeguard your system by applying this update.
An update that fixes 13 vulnerabilities is now available

Summary

This update for webkit2gtk3 fixes the following issues: Update to version 2.32.3: - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-30663: An integer overflow was addressed with improved input

References

#1188697

Cross- CVE-2021-21775 CVE-2021-21779 CVE-2021-30663

CVE-2021-30665 CVE-2021-30689 CVE-2021-30720

CVE-2021-30734 CVE-2021-30744 CVE-2021-30749

CVE-2021-30758 CVE-2021-30795 CVE-2021-30797

CVE-2021-30799

CVSS scores:

CVE-2021-21775 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-21775 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-21779 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-21779 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-30749 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

SUSE OpenStack Cloud Crowbar 9

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud 8

SUSE Linux ...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2600-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.