Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:1557-1 Final 1 1 2021-12-10T09:56:07Z current 2021-12-10T09:56:07Z 2021-12-10T09:56:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: - CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). - CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-1557 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IPGRR75P2BX5LLODQ77IAFNLCV2CKB4S/ E-Mail link for openSUSE-SU-2021:1557-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1192063 SUSE Bug 1192063 https://www.suse.com/security/cve/CVE-2021-30846/ SUSE CVE CVE-2021-30846 page https://www.suse.com/security/cve/CVE-2021-30851/ SUSE CVE CVE-2021-30851 page openSUSE Leap 15.2 libjavascriptcoregtk-4_0-18-2.34.1-lp152.2.25.3 libwebkit2gtk-4_0-37-2.34.1-lp152.2.25.3 libwebkit2gtk3-lang-2.34.1-lp152.2.25.3 typelib-1_0-JavaScriptCore-4_0-2.34.1-lp152.2.25.3 typelib-1_0-WebKit2-4_0-2.34.1-lp152.2.25.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-lp152.2.25.3 webkit-jsc-4-2.34.1-lp152.2.25.3 webkit2gtk-4_0-injected-bundles-2.34.1-lp152.2.25.3 webkit2gtk3-devel-2.34.1-lp152.2.25.3 webkit2gtk3-minibrowser-2.34.1-lp152.2.25.3 libjavascriptcoregtk-4_0-18-2.34.1-lp152.2.25.3 as a component of openSUSE Leap 15.2 libwebkit2gtk-4_0-37-2.34.1-lp152.2.25.3 as a component of openSUSE Leap 15.2 libwebkit2gtk3-lang-2.34.1-lp152.2.25.3 as a component of openSUSE Leap 15.2 typelib-1_0-JavaScriptCore-4_0-2.34.1-lp152.2.25.3 as a component of openSUSE Leap 15.2 typelib-1_0-WebKit2-4_0-2.34.1-lp152.2.25.3 as a component of openSUSE Leap 15.2 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-lp152.2.25.3 as a component of openSUSE Leap 15.2 webkit-jsc-4-2.34.1-lp152.2.25.3 as a component of openSUSE Leap 15.2 webkit2gtk-4_0-injected-bundles-2.34.1-lp152.2.25.3 as a component of openSUSE Leap 15.2 webkit2gtk3-devel-2.34.1-lp152.2.25.3 as a component of openSUSE Leap 15.2 webkit2gtk3-minibrowser-2.34.1-lp152.2.25.3 as a component of openSUSE Leap 15.2 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30846 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:libwebkit2gtk3-lang-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:webkit-jsc-4-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:webkit2gtk3-devel-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.34.1-lp152.2.25.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IPGRR75P2BX5LLODQ77IAFNLCV2CKB4S/ https://www.suse.com/security/cve/CVE-2021-30846.html CVE-2021-30846 https://bugzilla.suse.com/1192063 SUSE Bug 1192063 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. CVE-2021-30851 openSUSE Leap 15.2:libjavascriptcoregtk-4_0-18-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:libwebkit2gtk-4_0-37-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:libwebkit2gtk3-lang-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:typelib-1_0-JavaScriptCore-4_0-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:typelib-1_0-WebKit2-4_0-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:typelib-1_0-WebKit2WebExtension-4_0-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:webkit-jsc-4-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:webkit2gtk-4_0-injected-bundles-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:webkit2gtk3-devel-2.34.1-lp152.2.25.3 openSUSE Leap 15.2:webkit2gtk3-minibrowser-2.34.1-lp152.2.25.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IPGRR75P2BX5LLODQ77IAFNLCV2CKB4S/ https://www.suse.com/security/cve/CVE-2021-30851.html CVE-2021-30851 https://bugzilla.suse.com/1192063 SUSE Bug 1192063