Lucene search
SuseOPENSUSE-SU-2021:2598-1HistoryAug 03, 2021 - 12:00 a.m.
Security update for webkit2gtk3 (important)
2021-08-0300:00:00
lists.opensuse.org
191
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
An update that fixes 13 vulnerabilities is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.32.3:
- CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain
events are processed for ImageLoader objects. A specially crafted web
page can lead to a potential information leak and further memory
corruption. A victim must be tricked into visiting a malicious web page
to trigger this vulnerability. (bsc#1188697) - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that
WebKit GraphicsContext handles certain events. A specially crafted web
page can lead to a potential information leak and further memory
corruption. A victim must be tricked into visiting a malicious web page
to trigger this vulnerability. (bsc#1188697) - CVE-2021-30663: An integer overflow was addressed with improved input
validation. (bsc#1188697) - CVE-2021-30665: A memory corruption issue was addressed with improved
state management. (bsc#1188697) - CVE-2021-30689: A logic issue was addressed with improved state
management. (bsc#1188697) - CVE-2021-30720: A logic issue was addressed with improved restrictions.
(bsc#1188697) - CVE-2021-30734: Multiple memory corruption issues were addressed with
improved memory handling. (bsc#1188697) - CVE-2021-30744: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins. (bsc#1188697) - CVE-2021-30749: Multiple memory corruption issues were addressed with
improved memory handling. (bsc#1188697) - CVE-2021-30758: A type confusion issue was addressed with improved state
handling. (bsc#1188697) - CVE-2021-30795: A use after free issue was addressed with improved
memory management. (bsc#1188697) - CVE-2021-30797: This issue was addressed with improved checks.
(bsc#1188697) - CVE-2021-30799: Multiple memory corruption issues were addressed with
improved memory handling. (bsc#1188697)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or โzypper patchโ.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2598=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.3 | aarch64 | <ย - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm | |
| openSUSE Leap | 15.3 | ppc64le | <ย - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm | |
| openSUSE Leap | 15.3 | s390x | <ย - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm | |
| openSUSE Leap | 15.3 | x86_64 | <ย - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm | |
| openSUSE Leap | 15.3 | noarch | <ย - openSUSE Leap 15.3 (noarch): | - openSUSE Leap 15.3 (noarch):.noarch.rpm | |
| openSUSE Leap | 15.3 | x86_64 | <ย - openSUSE Leap 15.3 (x86_64): | - openSUSE Leap 15.3 (x86_64):.x86_64.rpm |
Related
suse
suse
Security update for webkit2gtk3 (important)
2021-08-10 00:00:00
osv
osv
webkit2gtk vulnerabilities
2021-07-28 16:33:22
webkit2gtk - security update
2021-07-28 00:00:00
Moderate: GNOME security, bug fix, and enhancement update
2021-11-09 09:15:15
fedora
fedora
[SECURITY] Fedora 33 Update: webkit2gtk3-2.32.3-1.fc33
2021-08-08 01:08:31
[SECURITY] Fedora 34 Update: webkit2gtk3-2.32.3-1.fc34
2021-07-29 01:09:31
archlinux
archlinux
[ASA-202107-68] wpewebkit: multiple issues
2021-07-27 00:00:00
[ASA-202107-67] webkit2gtk: multiple issues
2021-07-27 00:00:00
nessus
nessus
openSUSE 15 Security Update : webkit2gtk3 (openSUSE-SU-2021:1101-1)
2021-08-10 00:00:00
openSUSE 15 Security Update : webkit2gtk3 (openSUSE-SU-2021:2598-1)
2021-08-04 00:00:00
SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:2762-1)
2021-08-18 00:00:00
ubuntu
ubuntu
WebKitGTK vulnerabilities
2021-07-28 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2021-08-14 17:00:09
debian
debian
[SECURITY] [DSA 4945-1] webkit2gtk security update
2021-07-28 18:56:16
apple
apple
About the security content of Safari 14.1.1
2021-05-24 00:00:00
About the security content of Safari 14.1.2
2021-07-19 00:00:00
About the security content of Safari 14.1
2021-05-04 00:00:00
oraclelinux
oraclelinux
GNOME security, bug fix, and enhancement update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: GNOME security, bug fix, and enhancement update
2021-11-09 09:15:15
rocky
rocky
GNOME security, bug fix, and enhancement update
2021-11-09 09:15:15
redhat
redhat
thn
thn
Appleโ Issues Patches to Combat Ongoing 0-Day Attacks on macOS, tvOS
2021-05-25 04:52:00
Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices
2021-07-27 07:28:00
redhatcve
redhatcve
ubuntucve
ubuntucve
cve
cve
debiancve
debiancve
alpinelinux
alpinelinux
prion
prion
Memory corruption
2021-09-08 14:15:00
Design/Logic Flaw
2021-07-08 12:15:00
Design/Logic Flaw
2021-09-08 14:15:00
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2022-02-01 00:00:00
zdt
zdt
veracode
veracode
Arbitrary Code Execution
2021-07-29 07:04:47
Denial Of Service (DoS)
2021-07-29 05:06:26
Privilege Escalation
2021-07-29 06:57:09
attackerkb
attackerkb
CVE-2021-30665
2021-09-08 00:00:00
CVE-2021-30663
2021-09-08 00:00:00
cisa_kev
cisa_kev
Apple Multiple Products Memory Corruption Vulnerability
2021-11-03 00:00:00
Apple Multiple Products Integer Overflow Vulnerability
2021-11-03 00:00:00
zdi
zdi
talos
talos
Webkit ImageLoader dispatchPendingErrorEvent use-after-free vulnerability
2021-06-02 00:00:00
Webkit WebCore::GraphicsContext use-after-free vulnerability
2021-06-02 00:00:00
packetstorm
packetstorm
threatpost
threatpost
Apple Fixes ZeroโDay Security Bugs Under Active Attack
2021-05-04 16:16:37
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
2021-07-22 16:18:25
amazon
amazon
Important: webkitgtk4
2023-06-07 23:52:00
qualysblog
qualysblog
Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices
2021-10-18 07:41:18
Protect your Devices from Pegasus Spyware using VMDR for Mobile Devicesโ Proactive Approach
2021-07-23 16:31:38
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
malwarebytes
malwarebytes
Update now! Apple patches another privilege escalation bug in iOS and iPadOS
2021-10-12 16:07:53
securelist
securelist
IT threat evolution in Q2 2021. PC statistics
2021-08-12 10:00:12
ibm
ibm
googleprojectzero
googleprojectzero
The More You Know, The More You Know You Donโt Know
2022-04-19 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related for OPENSUSE-SU-2021:2598-1