Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2024:4167-1 important: webkit2gtk3 DoS and Code Exec Issues

suse
Calendar Grey December 4, 2024
Dist Suse Esm H88
A critical security patch from SUSE for webkit2gtk3 addresses various vulnerabilities, notably those allowing remote code execution and weaknesses in isolation protocols.
* bsc#1232747 * bsc#1233631 * bsc#1233632 Cross-References:

Summary

## This update for webkit2gtk3 fixes the following issues: Update to version 2.46.3 (bsc#1232747), including fixes for: * CVE-2024-44308: Fixed arbitrary code execution by not allocating DFG register after a slow path (bsc#1233631). * CVE-2024-44309: Fixed a data isolation bypass vulnerability (bsc#1233632). * CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash. * CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS

Topics%20covered

Topics Covered

security advisory DoS arbitrary code execution important SUSE webkit2gtk3 data isolation

References

* bsc#1232747

* bsc#1233631

* bsc#1233632

Cross-

* CVE-2024-44185

* CVE-2024-44296

* CVE-2024-44308

* CVE-2024-44309

* CVE-2044-44244

CVSS scores:

* CVE-2024-44185 ( SUSE ): 5.9

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2024-44185 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2024-44185 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2024-44296 ( SUSE ): 2.1

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2024-44296 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

* CVE-2024-44296 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:4167-1
Release Date: 2024-12-04T10:32:21Z
Rating: important

Topics%20covered

Topics Covered

security advisory DoS arbitrary code execution important SUSE webkit2gtk3 data isolation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here