Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE: 2024:0002-1 important: webkit2gtk3 code execution and DoS

suse
Calendar Grey January 2, 2024
Dist Suse Esm H88
Update for SUSE addresses critical flaws in webkit2gtk3 enhancing overall system security and stability.
* bsc#1215868 * bsc#1215869 * bsc#1215870 * bsc#1218032 * bsc#1218033

Summary

## This update for webkit2gtk3 fixes the following issues: * CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution (bsc#1218033). * CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of- service (bsc#1218032). * CVE-2023-41074: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215870). * CVE-2023-39928: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215868). * CVE-2023-40451, CVE-2023-41074: Update to version 2.42.4 (bsc#1215868). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory critical code execution DoS SUSE webkit2gtk3

References

* bsc#1215868

* bsc#1215869

* bsc#1215870

* bsc#1218032

* bsc#1218033

Cross-

* CVE-2023-32359

* CVE-2023-39928

* CVE-2023-40451

* CVE-2023-41074

* CVE-2023-42883

* CVE-2023-42890

CVSS scores:

* CVE-2023-32359 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-32359 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-39928 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-39928 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-40451 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-40451 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-41074 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:0002-1
Rating: important

Topics%20covered

Topics Covered

security advisory critical code execution DoS SUSE webkit2gtk3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here