Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:4211-1 Final 1 1 2023-10-26T08:28:14Z current 2023-10-26T08:28:14Z 2023-10-26T08:28:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: - CVE-2023-41993: Fixed an issue where processing malicious web content could have lead to arbitrary code execution (bsc#1215661). - CVE-2023-39928: Fixed a use-after-free that could be exploited to execute arbitrary code when visiting a malicious webpage (bsc#1215868). - CVE-2023-41074: Fixed an issue where processing malicious web content could have lead to arbitrary code execution (bsc#1215870). Non-security fixes: - Fixed missing package dependencies (bsc#1215072). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-4211,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4211,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4211,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4211 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20234211-1/ Link for SUSE-SU-2023:4211-1 https://lists.suse.com/pipermail/sle-updates/2023-October/032389.html E-Mail link for SUSE-SU-2023:4211-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1213379 SUSE Bug 1213379 https://bugzilla.suse.com/1213581 SUSE Bug 1213581 https://bugzilla.suse.com/1213905 SUSE Bug 1213905 https://bugzilla.suse.com/1215072 SUSE Bug 1215072 https://bugzilla.suse.com/1215661 SUSE Bug 1215661 https://bugzilla.suse.com/1215866 SUSE Bug 1215866 https://bugzilla.suse.com/1215867 SUSE Bug 1215867 https://bugzilla.suse.com/1215868 SUSE Bug 1215868 https://bugzilla.suse.com/1215869 SUSE Bug 1215869 https://bugzilla.suse.com/1215870 SUSE Bug 1215870 https://bugzilla.suse.com/1216483 SUSE Bug 1216483 https://www.suse.com/security/cve/CVE-2023-32393/ SUSE CVE CVE-2023-32393 page https://www.suse.com/security/cve/CVE-2023-35074/ SUSE CVE CVE-2023-35074 page https://www.suse.com/security/cve/CVE-2023-37450/ SUSE CVE CVE-2023-37450 page https://www.suse.com/security/cve/CVE-2023-39434/ SUSE CVE CVE-2023-39434 page https://www.suse.com/security/cve/CVE-2023-39928/ SUSE CVE CVE-2023-39928 page https://www.suse.com/security/cve/CVE-2023-40451/ SUSE CVE CVE-2023-40451 page https://www.suse.com/security/cve/CVE-2023-41074/ SUSE CVE CVE-2023-41074 page https://www.suse.com/security/cve/CVE-2023-41993/ SUSE CVE CVE-2023-41993 page SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP1 libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 libjavascriptcoregtk-4_0-18-32bit-2.42.1-150000.3.153.1 libjavascriptcoregtk-4_0-18-64bit-2.42.1-150000.3.153.1 libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 libwebkit2gtk-4_0-37-32bit-2.42.1-150000.3.153.1 libwebkit2gtk-4_0-37-64bit-2.42.1-150000.3.153.1 libwebkit2gtk3-lang-2.42.1-150000.3.153.1 typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 webkit-jsc-4-2.42.1-150000.3.153.1 webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 webkit2gtk3-devel-2.42.1-150000.3.153.1 webkit2gtk3-minibrowser-2.42.1-150000.3.153.1 libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libwebkit2gtk3-lang-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS webkit2gtk3-devel-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libwebkit2gtk3-lang-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS webkit2gtk3-devel-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libwebkit2gtk3-lang-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 webkit2gtk3-devel-2.42.1-150000.3.153.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution. CVE-2023-32393 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.42.1-150000.3.153.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234211-1/ https://www.suse.com/security/cve/CVE-2023-32393.html CVE-2023-32393 https://bugzilla.suse.com/1213581 SUSE Bug 1213581 The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. CVE-2023-35074 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.42.1-150000.3.153.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234211-1/ https://www.suse.com/security/cve/CVE-2023-35074.html CVE-2023-35074 https://bugzilla.suse.com/1215866 SUSE Bug 1215866 https://bugzilla.suse.com/1217568 SUSE Bug 1217568 The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2023-37450 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.42.1-150000.3.153.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234211-1/ https://www.suse.com/security/cve/CVE-2023-37450.html CVE-2023-37450 https://bugzilla.suse.com/1213379 SUSE Bug 1213379 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. CVE-2023-39434 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.42.1-150000.3.153.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234211-1/ https://www.suse.com/security/cve/CVE-2023-39434.html CVE-2023-39434 https://bugzilla.suse.com/1215867 SUSE Bug 1215867 https://bugzilla.suse.com/1217568 SUSE Bug 1217568 A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability. CVE-2023-39928 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.42.1-150000.3.153.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234211-1/ https://www.suse.com/security/cve/CVE-2023-39928.html CVE-2023-39928 https://bugzilla.suse.com/1215868 SUSE Bug 1215868 https://bugzilla.suse.com/1217568 SUSE Bug 1217568 This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code. CVE-2023-40451 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.42.1-150000.3.153.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234211-1/ https://www.suse.com/security/cve/CVE-2023-40451.html CVE-2023-40451 https://bugzilla.suse.com/1215869 SUSE Bug 1215869 https://bugzilla.suse.com/1217568 SUSE Bug 1217568 The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. CVE-2023-41074 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.42.1-150000.3.153.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234211-1/ https://www.suse.com/security/cve/CVE-2023-41074.html CVE-2023-41074 https://bugzilla.suse.com/1215870 SUSE Bug 1215870 https://bugzilla.suse.com/1217568 SUSE Bug 1217568 The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. CVE-2023-41993 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.42.1-150000.3.153.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.42.1-150000.3.153.1 important 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234211-1/ https://www.suse.com/security/cve/CVE-2023-41993.html CVE-2023-41993 https://bugzilla.suse.com/1215661 SUSE Bug 1215661 https://bugzilla.suse.com/1217568 SUSE Bug 1217568