Security update for webkit2gtk3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:4079-1 Final 1 1 2024-12-06T16:38:00Z current 2024-12-06T16:38:00Z 2024-12-06T16:38:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for webkit2gtk3 This update for webkit2gtk3 fixes the following issues: Update to version 2.46.3 (bsc#1232747): - CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash. - CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. New references to version 2.46.0 (boo#1231039): - CVE-2024-44185: Processing maliciously crafted web content may lead to an unexpected process crash. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-4079,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4079 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20244079-1/ Link for SUSE-SU-2024:4079-1 https://lists.suse.com/pipermail/sle-security-updates/2024-November/019853.html E-Mail link for SUSE-SU-2024:4079-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1231039 SUSE Bug 1231039 https://bugzilla.suse.com/1232747 SUSE Bug 1232747 https://www.suse.com/security/cve/CVE-2024-44244/ SUSE CVE CVE-2024-44244 page https://www.suse.com/security/cve/CVE-2024-44296/ SUSE CVE CVE-2024-44296 page https://www.suse.com/security/cve/CVE-2024-46185/ SUSE CVE CVE-2024-46185 page SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libjavascriptcoregtk-4_0-18-2.46.3-4.18.2 libjavascriptcoregtk-4_0-18-32bit-2.46.3-4.18.2 libjavascriptcoregtk-4_0-18-64bit-2.46.3-4.18.2 libwebkit2gtk-4_0-37-2.46.3-4.18.2 libwebkit2gtk-4_0-37-32bit-2.46.3-4.18.2 libwebkit2gtk-4_0-37-64bit-2.46.3-4.18.2 libwebkit2gtk3-lang-2.46.3-4.18.2 typelib-1_0-JavaScriptCore-4_0-2.46.3-4.18.2 typelib-1_0-WebKit2-4_0-2.46.3-4.18.2 typelib-1_0-WebKit2WebExtension-4_0-2.46.3-4.18.2 webkit-jsc-4-2.46.3-4.18.2 webkit2gtk-4_0-injected-bundles-2.46.3-4.18.2 webkit2gtk3-devel-2.46.3-4.18.2 webkit2gtk3-minibrowser-2.46.3-4.18.2 libjavascriptcoregtk-4_0-18-2.46.3-4.18.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libwebkit2gtk-4_0-37-2.46.3-4.18.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libwebkit2gtk3-lang-2.46.3-4.18.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 typelib-1_0-JavaScriptCore-4_0-2.46.3-4.18.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 typelib-1_0-WebKit2-4_0-2.46.3-4.18.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 typelib-1_0-WebKit2WebExtension-4_0-2.46.3-4.18.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 webkit2gtk-4_0-injected-bundles-2.46.3-4.18.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-44244 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.46.3-4.18.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20244079-1/ https://www.suse.com/security/cve/CVE-2024-44244.html CVE-2024-44244 https://bugzilla.suse.com/1232747 SUSE Bug 1232747 The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. CVE-2024-44296 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.46.3-4.18.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20244079-1/ https://www.suse.com/security/cve/CVE-2024-44296.html CVE-2024-44296 https://bugzilla.suse.com/1232747 SUSE Bug 1232747 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-46185 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libjavascriptcoregtk-4_0-18-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk-4_0-37-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libwebkit2gtk3-lang-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-JavaScriptCore-4_0-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2-4_0-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-WebKit2WebExtension-4_0-2.46.3-4.18.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:webkit2gtk-4_0-injected-bundles-2.46.3-4.18.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20244079-1/ https://www.suse.com/security/cve/CVE-2024-46185.html CVE-2024-46185