Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2022:1511-1 Important: Webkit2gtk3 Risks of Arbitrary Code Execution

suse
Calendar Grey May 3, 2022
Dist Suse Esm H88
Critical patch released for webkit2gtk3 addresses several security flaws, enhancing protection across SUSE-based systems.
An update that fixes 5 vulnerabilities is now available

Summary

This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 (bsc#1198290): - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 (bsc#1196133): - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1:

Topics%20covered

Topics Covered

security advisory buffer overflow arbitrary code execution important SUSE webkit2gtk3 cross-origin issue

References

#1196133 #1198290

Cross- CVE-2022-22594 CVE-2022-22624 CVE-2022-22628

CVE-2022-22629 CVE-2022-22637

CVSS scores:

CVE-2022-22594 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2022-22594 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2022-22624 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-22628 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-22629 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-22637 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products:

SUSE CaaS Platform 4.0

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:1511-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow arbitrary code execution important SUSE webkit2gtk3 cross-origin issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here