Lucene search

K
suseSuseOPENSUSE-SU-2020:2310-1
HistoryDec 21, 2020 - 12:00 a.m.

Security update for webkit2gtk3 (important)

2020-12-2100:00:00
lists.opensuse.org
30
webkit2gtk3
v2.30.3
cve-2021-13543
cve-2021-13584
cve-2021-9948
cve-2021-9951
cve-2021-9983
libwebkit2gtk
libjavascriptcoregtk
suse
sle-15-sp2
update
security
vulnerabilities

EPSS

0.017

Percentile

87.9%

An update that fixes 5 vulnerabilities is now available.

Description:

This update for webkit2gtk3 fixes the following issues:

-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451):
- CVE-2021-13543: Fixed a use after free which could have led to
arbitrary code execution.
- CVE-2021-13584: Fixed a use after free which could have led to
arbitrary code execution.
- CVE-2021-9948: Fixed a type confusion which could have led to
arbitrary code execution.
- CVE-2021-9951: Fixed a use after free which could have led to
arbitrary code execution.
- CVE-2021-9983: Fixed an out of bounds write which could have led to
arbitrary code execution.
- Have the libwebkit2gtk package require libjavascriptcoregtk of the
same version (bsc#1171531).
- Enable c_loop on aarch64: currently needed for compilation to succeed
with JIT disabled. Also disable sampling profiler, since it conflicts
with c_loop (bsc#1177087).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2020-2310=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.2i586< - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.i586.rpm
openSUSE Leap15.2x86_64< - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.x86_64.rpm
openSUSE Leap15.2x86_64< - openSUSE Leap 15.2 (x86_64):- openSUSE Leap 15.2 (x86_64):.x86_64.rpm
openSUSE Leap15.2noarch< - openSUSE Leap 15.2 (noarch):- openSUSE Leap 15.2 (noarch):.noarch.rpm