SUSE-SU-2022:1431-1 -- SLES webkit2gtk3, libjavascriptcoregtk, libwebkit2gtk-4_0-37, typelib-1_0-JavaScriptCore-4_0, typelib-1_0-WebKit2-4_0, typelib-1_0-WebKit2WebExtension-4_0, webkit2gtk-4_0-injected-bundles, libwebkit2gtk3-langID: oval:org.secpod.oval:def:89046271 | Date: (C)2022-05-25 (M)2024-05-22 |
Class: PATCH | Family: unix |
This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 : - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 : - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API.
Platform: |
SUSE Linux Enterprise Server 15 SP2 |
Product: |
webkit2gtk3 |
libjavascriptcoregtk |
libwebkit2gtk-4_0-37 |
typelib-1_0-JavaScriptCore-4_0 |
typelib-1_0-WebKit2-4_0 |
typelib-1_0-WebKit2WebExtension-4_0 |
webkit2gtk-4_0-injected-bundles |
libwebkit2gtk3-lang |