Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

SUSE: 2022:4642-1 Important: WebKit2gtk3 Code Execution Risks

suse
Calendar Grey December 30, 2022
Dist Suse Esm H88
A significant patch for webkit2gtk3 has been released, focusing on several critical security flaws affecting SUSE operating systems.
An update that fixes 9 vulnerabilities is now available

Summary

This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management. - CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management. - CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks. - CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption. - CVE-2022-46700: Fixed an arbitrary code execution caused by memory corruption. Patch Instructions:

References

#1206474 #1206750

Cross- CVE-2022-42852 CVE-2022-42856 CVE-2022-42863

CVE-2022-42867 CVE-2022-46691 CVE-2022-46692

CVE-2022-46698 CVE-2022-46699 CVE-2022-46700

CVSS scores:

CVE-2022-42852 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2022-42852 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2022-42856 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-42856 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-42863 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-42863 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-42867 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-42867 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:4642-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.