SUSE-SU-2022:1431-1 -- SLES webkit2gtk3, libwebkit2gtk3-lang, libjavascriptcoregtk, libwebkit2gtk-4_0-37, webkit2gtk-4_0-injected-bundles, typelib-1_0-JavaScriptCore-4_0, typelib-1_0-WebKit2-4_0, typelib-1_0-WebKit2WebExtension-4_0| ID: oval:org.secpod.oval:def:89047371 | Date: (C)2022-11-04 (M)2023-12-05 |
| Class: PATCH | Family: unix |
This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 : - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 : - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API.
| Platform: |
| SUSE Linux Enterprise Desktop 15 SP4 |
| SUSE Linux Enterprise Server 15 SP4 |
| SUSE Linux Enterprise Server 15 SP3 |
| SUSE Linux Enterprise Desktop 15 SP3 |
| Product: |
| webkit2gtk3 |
| libwebkit2gtk3-lang |
| libjavascriptcoregtk |
| libwebkit2gtk-4_0-37 |
| webkit2gtk-4_0-injected-bundles |
| typelib-1_0-JavaScriptCore-4_0 |
| typelib-1_0-WebKit2-4_0 |
| typelib-1_0-WebKit2WebExtension-4_0 |
