Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:2078-1 Final 1 1 2023-04-29T05:07:42Z current 2023-04-29T05:07:42Z 2023-04-29T05:07:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 (bsc#1210731): - CVE-2022-0108: Fixed information leak. - CVE-2022-32885: Fixed arbitrary code execution. - CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. - CVE-2023-27932: Fixed Same Origin Policy bypass. - CVE-2023-27954: Fixed sensitive user information tracking. - CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295). Already fixed in version 2.38.5: - CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-2078,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2078,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2078,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2078 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ Link for SUSE-SU-2023:2078-1 https://lists.suse.com/pipermail/sle-security-updates/2023-May/014714.html E-Mail link for SUSE-SU-2023:2078-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1210295 SUSE Bug 1210295 https://bugzilla.suse.com/1210731 SUSE Bug 1210731 https://www.suse.com/security/cve/CVE-2022-0108/ SUSE CVE CVE-2022-0108 page https://www.suse.com/security/cve/CVE-2022-32885/ SUSE CVE CVE-2022-32885 page https://www.suse.com/security/cve/CVE-2022-32886/ SUSE CVE CVE-2022-32886 page https://www.suse.com/security/cve/CVE-2022-32912/ SUSE CVE CVE-2022-32912 page https://www.suse.com/security/cve/CVE-2023-25358/ SUSE CVE CVE-2023-25358 page https://www.suse.com/security/cve/CVE-2023-25360/ SUSE CVE CVE-2023-25360 page https://www.suse.com/security/cve/CVE-2023-25361/ SUSE CVE CVE-2023-25361 page https://www.suse.com/security/cve/CVE-2023-25362/ SUSE CVE CVE-2023-25362 page https://www.suse.com/security/cve/CVE-2023-25363/ SUSE CVE CVE-2023-25363 page https://www.suse.com/security/cve/CVE-2023-27932/ SUSE CVE CVE-2023-27932 page https://www.suse.com/security/cve/CVE-2023-27954/ SUSE CVE CVE-2023-27954 page https://www.suse.com/security/cve/CVE-2023-28205/ SUSE CVE CVE-2023-28205 page SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP1 libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 libjavascriptcoregtk-4_0-18-32bit-2.38.6-150000.3.139.1 libjavascriptcoregtk-4_0-18-64bit-2.38.6-150000.3.139.1 libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 libwebkit2gtk-4_0-37-32bit-2.38.6-150000.3.139.1 libwebkit2gtk-4_0-37-64bit-2.38.6-150000.3.139.1 libwebkit2gtk3-lang-2.38.6-150000.3.139.1 typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 webkit-jsc-4-2.38.6-150000.3.139.1 webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 webkit2gtk3-devel-2.38.6-150000.3.139.1 webkit2gtk3-minibrowser-2.38.6-150000.3.139.1 libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libwebkit2gtk3-lang-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS webkit2gtk3-devel-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libwebkit2gtk3-lang-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS webkit2gtk3-devel-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libwebkit2gtk3-lang-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 webkit2gtk3-devel-2.38.6-150000.3.139.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-0108 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.38.6-150000.3.139.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ https://www.suse.com/security/cve/CVE-2022-0108.html CVE-2022-0108 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1210731 SUSE Bug 1210731 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution CVE-2022-32885 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.38.6-150000.3.139.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ https://www.suse.com/security/cve/CVE-2022-32885.html CVE-2022-32885 https://bugzilla.suse.com/1210731 SUSE Bug 1210731 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-32886 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.38.6-150000.3.139.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ https://www.suse.com/security/cve/CVE-2022-32886.html CVE-2022-32886 https://bugzilla.suse.com/1203530 SUSE Bug 1203530 https://bugzilla.suse.com/1204100 SUSE Bug 1204100 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-32912 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.38.6-150000.3.139.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ https://www.suse.com/security/cve/CVE-2022-32912.html CVE-2022-32912 https://bugzilla.suse.com/1203530 SUSE Bug 1203530 A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. CVE-2023-25358 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.38.6-150000.3.139.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ https://www.suse.com/security/cve/CVE-2023-25358.html CVE-2023-25358 https://bugzilla.suse.com/1208897 SUSE Bug 1208897 https://bugzilla.suse.com/1210731 SUSE Bug 1210731 A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. CVE-2023-25360 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.38.6-150000.3.139.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ https://www.suse.com/security/cve/CVE-2023-25360.html CVE-2023-25360 https://bugzilla.suse.com/1208893 SUSE Bug 1208893 https://bugzilla.suse.com/1210731 SUSE Bug 1210731 A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. CVE-2023-25361 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.38.6-150000.3.139.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ https://www.suse.com/security/cve/CVE-2023-25361.html CVE-2023-25361 https://bugzilla.suse.com/1208894 SUSE Bug 1208894 https://bugzilla.suse.com/1210731 SUSE Bug 1210731 A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. CVE-2023-25362 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.38.6-150000.3.139.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ https://www.suse.com/security/cve/CVE-2023-25362.html CVE-2023-25362 https://bugzilla.suse.com/1208895 SUSE Bug 1208895 https://bugzilla.suse.com/1210731 SUSE Bug 1210731 A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. CVE-2023-25363 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.38.6-150000.3.139.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ https://www.suse.com/security/cve/CVE-2023-25363.html CVE-2023-25363 https://bugzilla.suse.com/1208896 SUSE Bug 1208896 https://bugzilla.suse.com/1210731 SUSE Bug 1210731 This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy. CVE-2023-27932 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.38.6-150000.3.139.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ https://www.suse.com/security/cve/CVE-2023-27932.html CVE-2023-27932 https://bugzilla.suse.com/1210731 SUSE Bug 1210731 The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information. CVE-2023-27954 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.38.6-150000.3.139.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ https://www.suse.com/security/cve/CVE-2023-27954.html CVE-2023-27954 https://bugzilla.suse.com/1210731 SUSE Bug 1210731 A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2023-28205 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server 15 SP1-LTSS:webkit2gtk3-devel-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libjavascriptcoregtk-4_0-18-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk-4_0-37-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libwebkit2gtk3-lang-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-JavaScriptCore-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk-4_0-injected-bundles-2.38.6-150000.3.139.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:webkit2gtk3-devel-2.38.6-150000.3.139.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232078-1/ https://www.suse.com/security/cve/CVE-2023-28205.html CVE-2023-28205 https://bugzilla.suse.com/1210295 SUSE Bug 1210295 https://bugzilla.suse.com/1210731 SUSE Bug 1210731