{"affected":[{"ecosystem_specific":{"binaries":[{"libjavascriptcoregtk-4_0-18":"2.30.3-3.9.3","libwebkit2gtk-4_0-37":"2.30.3-3.9.3","libwebkit2gtk3-lang":"2.30.3-3.9.3","webkit2gtk-4_0-injected-bundles":"2.30.3-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP2","name":"webkit2gtk3","purl":"pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.30.3-3.9.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"typelib-1_0-JavaScriptCore-4_0":"2.30.3-3.9.3","typelib-1_0-WebKit2-4_0":"2.30.3-3.9.3","typelib-1_0-WebKit2WebExtension-4_0":"2.30.3-3.9.3","webkit2gtk3-devel":"2.30.3-3.9.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP2","name":"webkit2gtk3","purl":"pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.30.3-3.9.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for webkit2gtk3 fixes the following issues:\n\n-webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451):\n   - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution.\n   - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code execution.\n   - CVE-2021-9948: Fixed a type confusion which could have led to arbitrary code execution.\n   - CVE-2021-9951: Fixed a use after free which could have led to arbitrary code execution.\n   - CVE-2021-9983: Fixed an out of bounds write which could have led to arbitrary code execution.\n   - Have the libwebkit2gtk package require libjavascriptcoregtk of\n     the same version (bsc#1171531).\n   - Enable c_loop on aarch64: currently needed for compilation to\n     succeed with JIT disabled. Also disable sampling profiler, since\n     it conflicts with c_loop (bsc#1177087).\n","id":"SUSE-SU-2020:3867-1","modified":"2020-12-17T11:39:39Z","published":"2020-12-17T11:39:39Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20203867-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1171531"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177087"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179122"},{"type":"REPORT","url":"https://bugzilla.suse.com/1179451"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13543"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13584"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-9948"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-9951"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-9983"}],"related":["CVE-2020-13543","CVE-2020-13584","CVE-2020-9948","CVE-2020-9951","CVE-2020-9983"],"summary":"Security update for webkit2gtk3","upstream":["CVE-2020-13543","CVE-2020-13584","CVE-2020-9948","CVE-2020-9951","CVE-2020-9983"]}