Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1976-1 Final 1 1 2024-06-11T07:36:06Z current 2024-06-11T07:36:06Z 2024-06-11T07:36:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: - Update to version 2.44.2 (bsc#1225071) - CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. (bsc#1225071) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1976,SUSE-SLE-SDK-12-SP5-2024-1976,SUSE-SLE-SERVER-12-SP5-2024-1976,SUSE-SLE-WE-12-SP5-2024-1976 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241976-1/ Link for SUSE-SU-2024:1976-1 https://lists.suse.com/pipermail/sle-updates/2024-June/035539.html E-Mail link for SUSE-SU-2024:1976-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1215868 SUSE Bug 1215868 https://bugzilla.suse.com/1215869 SUSE Bug 1215869 https://bugzilla.suse.com/1215870 SUSE Bug 1215870 https://bugzilla.suse.com/1218033 SUSE Bug 1218033 https://bugzilla.suse.com/1222905 SUSE Bug 1222905 https://bugzilla.suse.com/1225071 SUSE Bug 1225071 https://www.suse.com/security/cve/CVE-2023-42843/ SUSE CVE CVE-2023-42843 page https://www.suse.com/security/cve/CVE-2023-42950/ SUSE CVE CVE-2023-42950 page https://www.suse.com/security/cve/CVE-2023-42956/ SUSE CVE CVE-2023-42956 page https://www.suse.com/security/cve/CVE-2024-23226/ SUSE CVE CVE-2024-23226 page https://www.suse.com/security/cve/CVE-2024-23252/ SUSE CVE CVE-2024-23252 page https://www.suse.com/security/cve/CVE-2024-23254/ SUSE CVE CVE-2024-23254 page https://www.suse.com/security/cve/CVE-2024-23263/ SUSE CVE CVE-2024-23263 page https://www.suse.com/security/cve/CVE-2024-23280/ SUSE CVE CVE-2024-23280 page https://www.suse.com/security/cve/CVE-2024-23284/ SUSE CVE CVE-2024-23284 page https://www.suse.com/security/cve/CVE-2024-27834/ SUSE CVE CVE-2024-27834 page SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 libjavascriptcoregtk-4_0-18-32bit-2.44.2-4.7.1 libjavascriptcoregtk-4_0-18-64bit-2.44.2-4.7.1 libwebkit2gtk-4_0-37-2.44.2-4.7.1 libwebkit2gtk-4_0-37-32bit-2.44.2-4.7.1 libwebkit2gtk-4_0-37-64bit-2.44.2-4.7.1 libwebkit2gtk3-lang-2.44.2-4.7.1 typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 webkit-jsc-4-2.44.2-4.7.1 webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 webkit2gtk3-devel-2.44.2-4.7.1 webkit2gtk3-minibrowser-2.44.2-4.7.1 libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server 12 SP5 libwebkit2gtk-4_0-37-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server 12 SP5 libwebkit2gtk3-lang-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server 12 SP5 typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server 12 SP5 typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server 12 SP5 typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server 12 SP5 webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server 12 SP5 libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libwebkit2gtk-4_0-37-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libwebkit2gtk3-lang-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 webkit2gtk3-devel-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libjavascriptcoregtk-4_0-18-32bit-2.44.2-4.7.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing. CVE-2023-42843 SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:webkit2gtk3-devel-2.44.2-4.7.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libjavascriptcoregtk-4_0-18-32bit-2.44.2-4.7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241976-1/ https://www.suse.com/security/cve/CVE-2023-42843.html CVE-2023-42843 https://bugzilla.suse.com/1222010 SUSE Bug 1222010 A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2023-42950 SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:webkit2gtk3-devel-2.44.2-4.7.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libjavascriptcoregtk-4_0-18-32bit-2.44.2-4.7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241976-1/ https://www.suse.com/security/cve/CVE-2023-42950.html CVE-2023-42950 https://bugzilla.suse.com/1222010 SUSE Bug 1222010 The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. CVE-2023-42956 SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:webkit2gtk3-devel-2.44.2-4.7.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libjavascriptcoregtk-4_0-18-32bit-2.44.2-4.7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241976-1/ https://www.suse.com/security/cve/CVE-2023-42956.html CVE-2023-42956 https://bugzilla.suse.com/1222010 SUSE Bug 1222010 The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution. CVE-2024-23226 SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:webkit2gtk3-devel-2.44.2-4.7.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libjavascriptcoregtk-4_0-18-32bit-2.44.2-4.7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241976-1/ https://www.suse.com/security/cve/CVE-2024-23226.html CVE-2024-23226 https://bugzilla.suse.com/1222905 SUSE Bug 1222905 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2024-23252 SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:webkit2gtk3-devel-2.44.2-4.7.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libjavascriptcoregtk-4_0-18-32bit-2.44.2-4.7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241976-1/ https://www.suse.com/security/cve/CVE-2024-23252.html CVE-2024-23252 https://bugzilla.suse.com/1222010 SUSE Bug 1222010 The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin. CVE-2024-23254 SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:webkit2gtk3-devel-2.44.2-4.7.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libjavascriptcoregtk-4_0-18-32bit-2.44.2-4.7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241976-1/ https://www.suse.com/security/cve/CVE-2024-23254.html CVE-2024-23254 https://bugzilla.suse.com/1222010 SUSE Bug 1222010 A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. CVE-2024-23263 SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:webkit2gtk3-devel-2.44.2-4.7.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libjavascriptcoregtk-4_0-18-32bit-2.44.2-4.7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241976-1/ https://www.suse.com/security/cve/CVE-2024-23263.html CVE-2024-23263 https://bugzilla.suse.com/1222010 SUSE Bug 1222010 An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user. CVE-2024-23280 SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:webkit2gtk3-devel-2.44.2-4.7.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libjavascriptcoregtk-4_0-18-32bit-2.44.2-4.7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241976-1/ https://www.suse.com/security/cve/CVE-2024-23280.html CVE-2024-23280 https://bugzilla.suse.com/1222010 SUSE Bug 1222010 A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. CVE-2024-23284 SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:webkit2gtk3-devel-2.44.2-4.7.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libjavascriptcoregtk-4_0-18-32bit-2.44.2-4.7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241976-1/ https://www.suse.com/security/cve/CVE-2024-23284.html CVE-2024-23284 https://bugzilla.suse.com/1222010 SUSE Bug 1222010 The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. CVE-2024-27834 SUSE Linux Enterprise Server 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libjavascriptcoregtk-4_0-18-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk-4_0-37-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libwebkit2gtk3-lang-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:webkit2gtk-4_0-injected-bundles-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.44.2-4.7.1 SUSE Linux Enterprise Software Development Kit 12 SP5:webkit2gtk3-devel-2.44.2-4.7.1 SUSE Linux Enterprise Workstation Extension 12 SP5:libjavascriptcoregtk-4_0-18-32bit-2.44.2-4.7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241976-1/ https://www.suse.com/security/cve/CVE-2024-27834.html CVE-2024-27834 https://bugzilla.suse.com/1225071 SUSE Bug 1225071