Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 551
Alerts This Week
Warning Icon 1 551

SUSE: 2021:2762-1 Important: Webkit2gtk3 Critical Memory Issues

suse
Calendar Grey August 17, 2021
Dist Suse Esm H88
The recent patch from SUSE resolves 11 crucial vulnerabilities in webkit2gtk3, boosting system reliability and safety.
An update that fixes 13 vulnerabilities is now available

Summary

This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.3: - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-30663: An integer overflow was addressed with improved input

References

#1188697

Cross- CVE-2021-21775 CVE-2021-21779 CVE-2021-30663

CVE-2021-30665 CVE-2021-30689 CVE-2021-30720

CVE-2021-30734 CVE-2021-30744 CVE-2021-30749

CVE-2021-30758 CVE-2021-30795 CVE-2021-30797

CVE-2021-30799

CVSS scores:

CVE-2021-21775 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-21775 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-21779 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-21779 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-30749 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

SUSE Manager Server 4.0

SUSE Manager Retail Branch Server 4.0

SUSE Manager Proxy 4.0

SUSE Linux Enterprise Server for SAP 15-SP1

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2762-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.