SUSE-SU-2023:2065-1 -- SLES webkit2gtk3, webkit2gtk-4_0-injected-bundles, typelib-1_0-WebKit2-4_0, libjavascriptcoregtk, typelib-1_0-JavaScriptCore-4_0, libwebkit2gtk-4_0-37, typelib-1_0-WebKit2WebExtension-4_0, libwebkit2gtk-4_1-0, typelib-1_0-JavaScriptCore-4_1, typelib-1_0-WebKit2-4_1, typelib-1_0-WebKit2WebExtension-4_1, webkit2gtk-4_1-injected-bundles, typelib-1_0-WebKit2-5_0, webkit2gtk-5_0-injected-bundles, typelib-1_0-JavaScriptCore-5_0, libwebkit2gtk-5_0-0, webkit2gtk4-debugsource| ID: oval:org.secpod.oval:def:89048776 | Date: (C)2023-06-02 (M)2024-04-17 |
| Class: PATCH | Family: unix |
This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 : * CVE-2022-0108: Fixed information leak. * CVE-2022-32885: Fixed arbitrary code execution. * CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. * CVE-2023-27932: Fixed Same Origin Policy bypass. * CVE-2023-27954: Fixed sensitive user information tracking. * CVE-2023-28205: Fixed arbitrary code execution . Already fixed in version 2.38.5: * CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363.
| Platform: |
| SUSE Linux Enterprise Desktop 15 SP4 |
| SUSE Linux Enterprise Server 15 SP4 |
| Product: |
| webkit2gtk3 |
| webkit2gtk-4_0-injected-bundles |
| typelib-1_0-WebKit2-4_0 |
| libjavascriptcoregtk |
| typelib-1_0-JavaScriptCore-4_0 |
| libwebkit2gtk-4_0-37 |
| typelib-1_0-WebKit2WebExtension-4_0 |
| libwebkit2gtk-4_1-0 |
| typelib-1_0-JavaScriptCore-4_1 |
| typelib-1_0-WebKit2-4_1 |
| typelib-1_0-WebKit2WebExtension-4_1 |
| webkit2gtk-4_1-injected-bundles |
| typelib-1_0-WebKit2-5_0 |
| webkit2gtk-5_0-injected-bundles |
| typelib-1_0-JavaScriptCore-5_0 |
| libwebkit2gtk-5_0-0 |
| webkit2gtk4-debugsource |
