Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0637-1 Final 1 1 2021-04-30T19:23:01Z current 2021-04-30T19:23:01Z 2021-04-30T19:23:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.0 (bsc#1184155): * Fix the authentication request port when URL omits the port. * Fix iframe scrolling when main frame is scrolled in async * scrolling mode. * Stop using g_memdup. * Show a warning message when overriding signal handler for * threading suspension. * Fix the build on RISC-V with GCC 11. * Fix several crashes and rendering issues. * Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871 - Update in version 2.30.6 (bsc#1184262): * Update user agent quirks again for Google Docs and Google Drive. * Fix several crashes and rendering issues. * Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870. - Update _constraints for armv6/armv7 (bsc#1182719) - restore NPAPI plugin support which was removed in 2.32.0 This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-637 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/ E-Mail link for openSUSE-SU-2021:0637-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1182719 SUSE Bug 1182719 https://bugzilla.suse.com/1184155 SUSE Bug 1184155 https://bugzilla.suse.com/1184262 SUSE Bug 1184262 https://www.suse.com/security/cve/CVE-2020-27918/ SUSE CVE CVE-2020-27918 page https://www.suse.com/security/cve/CVE-2020-29623/ SUSE CVE CVE-2020-29623 page https://www.suse.com/security/cve/CVE-2021-1765/ SUSE CVE CVE-2021-1765 page https://www.suse.com/security/cve/CVE-2021-1788/ SUSE CVE CVE-2021-1788 page https://www.suse.com/security/cve/CVE-2021-1789/ SUSE CVE CVE-2021-1789 page https://www.suse.com/security/cve/CVE-2021-1799/ SUSE CVE CVE-2021-1799 page https://www.suse.com/security/cve/CVE-2021-1801/ SUSE CVE CVE-2021-1801 page https://www.suse.com/security/cve/CVE-2021-1844/ SUSE CVE CVE-2021-1844 page https://www.suse.com/security/cve/CVE-2021-1870/ SUSE CVE CVE-2021-1870 page https://www.suse.com/security/cve/CVE-2021-1871/ SUSE CVE CVE-2021-1871 page openSUSE Leap 15.2 libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 libwebkit2gtk3-lang-2.32.0-lp152.2.13.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 webkit-jsc-4-2.32.0-lp152.2.13.1 webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 webkit2gtk3-devel-2.32.0-lp152.2.13.1 webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 as a component of openSUSE Leap 15.2 libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 as a component of openSUSE Leap 15.2 libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 as a component of openSUSE Leap 15.2 libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 as a component of openSUSE Leap 15.2 libwebkit2gtk3-lang-2.32.0-lp152.2.13.1 as a component of openSUSE Leap 15.2 typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 as a component of openSUSE Leap 15.2 typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 as a component of openSUSE Leap 15.2 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 as a component of openSUSE Leap 15.2 webkit-jsc-4-2.32.0-lp152.2.13.1 as a component of openSUSE Leap 15.2 webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 as a component of openSUSE Leap 15.2 webkit2gtk3-devel-2.32.0-lp152.2.13.1 as a component of openSUSE Leap 15.2 webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 as a component of openSUSE Leap 15.2 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-27918 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/ https://www.suse.com/security/cve/CVE-2020-27918.html CVE-2020-27918 https://bugzilla.suse.com/1184262 SUSE Bug 1184262 "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. CVE-2020-29623 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 important 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/ https://www.suse.com/security/cve/CVE-2020-29623.html CVE-2020-29623 https://bugzilla.suse.com/1184262 SUSE Bug 1184262 This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. CVE-2021-1765 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/ https://www.suse.com/security/cve/CVE-2021-1765.html CVE-2021-1765 https://bugzilla.suse.com/1184262 SUSE Bug 1184262 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-1788 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/ https://www.suse.com/security/cve/CVE-2021-1788.html CVE-2021-1788 https://bugzilla.suse.com/1184155 SUSE Bug 1184155 A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-1789 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/ https://www.suse.com/security/cve/CVE-2021-1789.html CVE-2021-1789 https://bugzilla.suse.com/1184262 SUSE Bug 1184262 A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. CVE-2021-1799 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/ https://www.suse.com/security/cve/CVE-2021-1799.html CVE-2021-1799 https://bugzilla.suse.com/1184262 SUSE Bug 1184262 This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. CVE-2021-1801 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/ https://www.suse.com/security/cve/CVE-2021-1801.html CVE-2021-1801 https://bugzilla.suse.com/1184262 SUSE Bug 1184262 A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-1844 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/ https://www.suse.com/security/cve/CVE-2021-1844.html CVE-2021-1844 https://bugzilla.suse.com/1184155 SUSE Bug 1184155 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. CVE-2021-1870 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/ https://www.suse.com/security/cve/CVE-2021-1870.html CVE-2021-1870 https://bugzilla.suse.com/1184262 SUSE Bug 1184262 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. CVE-2021-1871 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:libwebkit2gtk3-lang-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit-jsc-4-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-devel-2.32.0-lp152.2.13.1 openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLZ5MXMQE5PW2OZS4ZK2IAEG3Y3AFJVD/ https://www.suse.com/security/cve/CVE-2021-1871.html CVE-2021-1871 https://bugzilla.suse.com/1184155 SUSE Bug 1184155