SUSE-SU-2023:4561-1 -- SLES webkit2gtk3, WebKitGTK-4.0-lang, typelib-1_0-WebKit2-4_0, webkit2gtk-4_0-injected-bundles, libwebkit2gtk-4_0-37, libjavascriptcoregtk-4_0-18, typelib-1_0-WebKit2WebExtension-4_0, typelib-1_0-JavaScriptCore-4_0, WebKitGTK-4.1-lang, typelib-1_0-WebKit2WebExtension-4_1, webkit2gtk-4_1-injected-bundles, typelib-1_0-JavaScriptCore-4_1, typelib-1_0-WebKit2-4_1, libwebkit2gtk-4_1-0, libjavascriptcoregtk-4_1-0ID: oval:org.secpod.oval:def:89051160 | Date: (C)2024-01-23 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 : * CVE-2023-41983: Processing web content may lead to a denial-of-service. * CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: * CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing . * CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode . * CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing . * CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing . * CVE-2023-32359: A user's password may be read aloud by a text-to-speech accessibility feature .
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |
SUSE Linux Enterprise Desktop 15 SP5 |
SUSE Linux Enterprise Server 15 SP4 |
SUSE Linux Enterprise Server 15 SP5 |
Product: |
webkit2gtk3 |
WebKitGTK-4.0-lang |
typelib-1_0-WebKit2-4_0 |
webkit2gtk-4_0-injected-bundles |
libwebkit2gtk-4_0-37 |
libjavascriptcoregtk-4_0-18 |
typelib-1_0-WebKit2WebExtension-4_0 |
typelib-1_0-JavaScriptCore-4_0 |
WebKitGTK-4.1-lang |
typelib-1_0-WebKit2WebExtension-4_1 |
webkit2gtk-4_1-injected-bundles |
typelib-1_0-JavaScriptCore-4_1 |
typelib-1_0-WebKit2-4_1 |
libwebkit2gtk-4_1-0 |
libjavascriptcoregtk-4_1-0 |