SUSE-SU-2020:3867-1 -- SLES webkit2gtk3, libjavascriptcoregtk-4_0-18, libwebkit2gtk-4_0-37, webkit2gtk-4_0-injected-bundles, libwebkit2gtk3-lang, typelib-1_0-JavaScriptCore-4_0, typelib-1_0-WebKit2-4_0, typelib-1_0-WebKit2WebExtension-4_0ID: oval:org.secpod.oval:def:89050478 | Date: (C)2023-10-10 (M)2023-10-10 |
Class: PATCH | Family: unix |
This update for webkit2gtk3 fixes the following issues: -webkit2gtk3 was updated to version 2.30.3 : - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-9948: Fixed a type confusion which could have led to arbitrary code execution. - CVE-2021-9951: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-9983: Fixed an out of bounds write which could have led to arbitrary code execution. - Have the libwebkit2gtk package require libjavascriptcoregtk of the same version . - Enable c_loop on aarch64: currently needed for compilation to succeed with JIT disabled. Also disable sampling profiler, since it conflicts with c_loop .
Platform: |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Desktop 15 SP2 |
Product: |
webkit2gtk3 |
libjavascriptcoregtk-4_0-18 |
libwebkit2gtk-4_0-37 |
webkit2gtk-4_0-injected-bundles |
libwebkit2gtk3-lang |
typelib-1_0-JavaScriptCore-4_0 |
typelib-1_0-WebKit2-4_0 |
typelib-1_0-WebKit2WebExtension-4_0 |