Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:0705-1 Final 1 1 2022-03-04T06:45:18Z current 2022-03-04T06:45:18Z 2022-03-04T06:45:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 (bsc#1196133): - CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution. Update to version 2.34.5 (bsc#1195735): - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - CVE-2022-22590: A use after free issue was addressed with improved memory management. - CVE-2022-22592: A logic issue was addressed with improved state management. Update to version 2.34.4 (bsc#1195064): - CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. - CVE-2021-30936: A use after free issue was addressed with improved memory management. - CVE-2021-30951: A use after free issue was addressed with improved memory management. - CVE-2021-30952: An integer overflow was addressed with improved input validation. - CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking. - CVE-2021-30954: A type confusion issue was addressed with improved memory handling. - CVE-2021-30984: A race condition was addressed with improved state handling. - CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. The following CVEs were addressed in a previous update: - CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create. - CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild. - CVE-2021-45483: A use-after-free in WebCore::Frame::page. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2022-705,openSUSE-SLE-15.4-2022-705 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ E-Mail link for openSUSE-SU-2022:0705-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1195064 SUSE Bug 1195064 https://bugzilla.suse.com/1195735 SUSE Bug 1195735 https://bugzilla.suse.com/1196133 SUSE Bug 1196133 https://www.suse.com/security/cve/CVE-2021-30934/ SUSE CVE CVE-2021-30934 page https://www.suse.com/security/cve/CVE-2021-30936/ SUSE CVE CVE-2021-30936 page https://www.suse.com/security/cve/CVE-2021-30951/ SUSE CVE CVE-2021-30951 page https://www.suse.com/security/cve/CVE-2021-30952/ SUSE CVE CVE-2021-30952 page https://www.suse.com/security/cve/CVE-2021-30953/ SUSE CVE CVE-2021-30953 page https://www.suse.com/security/cve/CVE-2021-30954/ SUSE CVE CVE-2021-30954 page https://www.suse.com/security/cve/CVE-2021-30984/ SUSE CVE CVE-2021-30984 page https://www.suse.com/security/cve/CVE-2021-45481/ SUSE CVE CVE-2021-45481 page https://www.suse.com/security/cve/CVE-2021-45482/ SUSE CVE CVE-2021-45482 page https://www.suse.com/security/cve/CVE-2021-45483/ SUSE CVE CVE-2021-45483 page https://www.suse.com/security/cve/CVE-2022-22589/ SUSE CVE CVE-2022-22589 page https://www.suse.com/security/cve/CVE-2022-22590/ SUSE CVE CVE-2022-22590 page https://www.suse.com/security/cve/CVE-2022-22592/ SUSE CVE CVE-2022-22592 page https://www.suse.com/security/cve/CVE-2022-22620/ SUSE CVE CVE-2022-22620 page openSUSE Leap 15.3 libjavascriptcoregtk-4_0-18-2.34.6-29.1 libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 libwebkit2gtk-4_0-37-2.34.6-29.1 libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 libwebkit2gtk3-lang-2.34.6-29.1 typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 typelib-1_0-WebKit2-4_0-2.34.6-29.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 webkit-jsc-4-2.34.6-29.1 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 webkit2gtk3-devel-2.34.6-29.1 webkit2gtk3-minibrowser-2.34.6-29.1 libjavascriptcoregtk-4_0-18-2.34.6-29.1 as a component of openSUSE Leap 15.3 libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 as a component of openSUSE Leap 15.3 libwebkit2gtk-4_0-37-2.34.6-29.1 as a component of openSUSE Leap 15.3 libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 as a component of openSUSE Leap 15.3 libwebkit2gtk3-lang-2.34.6-29.1 as a component of openSUSE Leap 15.3 typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 as a component of openSUSE Leap 15.3 typelib-1_0-WebKit2-4_0-2.34.6-29.1 as a component of openSUSE Leap 15.3 typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 as a component of openSUSE Leap 15.3 webkit-jsc-4-2.34.6-29.1 as a component of openSUSE Leap 15.3 webkit2gtk-4_0-injected-bundles-2.34.6-29.1 as a component of openSUSE Leap 15.3 webkit2gtk3-devel-2.34.6-29.1 as a component of openSUSE Leap 15.3 webkit2gtk3-minibrowser-2.34.6-29.1 as a component of openSUSE Leap 15.3 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30934 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2021-30934.html CVE-2021-30934 https://bugzilla.suse.com/1195064 SUSE Bug 1195064 https://bugzilla.suse.com/1196393 SUSE Bug 1196393 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30936 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2021-30936.html CVE-2021-30936 https://bugzilla.suse.com/1195064 SUSE Bug 1195064 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30951 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2021-30951.html CVE-2021-30951 https://bugzilla.suse.com/1195064 SUSE Bug 1195064 An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30952 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2021-30952.html CVE-2021-30952 https://bugzilla.suse.com/1195064 SUSE Bug 1195064 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30953 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2021-30953.html CVE-2021-30953 https://bugzilla.suse.com/1195064 SUSE Bug 1195064 A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30954 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2021-30954.html CVE-2021-30954 https://bugzilla.suse.com/1195064 SUSE Bug 1195064 A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30984 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2021-30984.html CVE-2021-30984 https://bugzilla.suse.com/1195064 SUSE Bug 1195064 In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. CVE-2021-45481 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2021-45481.html CVE-2021-45481 https://bugzilla.suse.com/1194138 SUSE Bug 1194138 https://bugzilla.suse.com/1195064 SUSE Bug 1195064 In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. CVE-2021-45482 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2021-45482.html CVE-2021-45482 https://bugzilla.suse.com/1194136 SUSE Bug 1194136 https://bugzilla.suse.com/1195064 SUSE Bug 1195064 In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889. CVE-2021-45483 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2021-45483.html CVE-2021-45483 https://bugzilla.suse.com/1194135 SUSE Bug 1194135 https://bugzilla.suse.com/1195064 SUSE Bug 1195064 A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. CVE-2022-22589 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2022-22589.html CVE-2022-22589 https://bugzilla.suse.com/1195735 SUSE Bug 1195735 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-22590 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2022-22590.html CVE-2022-22590 https://bugzilla.suse.com/1195735 SUSE Bug 1195735 A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. CVE-2022-22592 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2022-22592.html CVE-2022-22592 https://bugzilla.suse.com/1195735 SUSE Bug 1195735 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. CVE-2022-22620 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-2.34.6-29.1 openSUSE Leap 15.3:libjavascriptcoregtk-4_0-18-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk-4_0-37-32bit-2.34.6-29.1 openSUSE Leap 15.3:libwebkit2gtk3-lang-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-JavaScriptCore-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2-4_0-2.34.6-29.1 openSUSE Leap 15.3:typelib-1_0-WebKit2WebExtension-4_0-2.34.6-29.1 openSUSE Leap 15.3:webkit-jsc-4-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk-4_0-injected-bundles-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-devel-2.34.6-29.1 openSUSE Leap 15.3:webkit2gtk3-minibrowser-2.34.6-29.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/ https://www.suse.com/security/cve/CVE-2022-22620.html CVE-2022-22620 https://bugzilla.suse.com/1196133 SUSE Bug 1196133