{"affected":[{"ecosystem_specific":{"binaries":[{"libjavascriptcoregtk-4_0-18":"2.34.6-29.1","libjavascriptcoregtk-4_0-18-32bit":"2.34.6-29.1","libwebkit2gtk-4_0-37":"2.34.6-29.1","libwebkit2gtk-4_0-37-32bit":"2.34.6-29.1","libwebkit2gtk3-lang":"2.34.6-29.1","typelib-1_0-JavaScriptCore-4_0":"2.34.6-29.1","typelib-1_0-WebKit2-4_0":"2.34.6-29.1","typelib-1_0-WebKit2WebExtension-4_0":"2.34.6-29.1","webkit-jsc-4":"2.34.6-29.1","webkit2gtk-4_0-injected-bundles":"2.34.6-29.1","webkit2gtk3-devel":"2.34.6-29.1","webkit2gtk3-minibrowser":"2.34.6-29.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"webkit2gtk3","purl":"pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.34.6-29.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for webkit2gtk3 fixes the following issues:\n\nUpdate to version 2.34.6 (bsc#1196133):\n\n- CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution.\n\nUpdate to version 2.34.5 (bsc#1195735):\n\n- CVE-2022-22589: A validation issue was addressed with improved input sanitization.\n- CVE-2022-22590: A use after free issue was addressed with improved memory management.\n- CVE-2022-22592: A logic issue was addressed with improved state management.\n\nUpdate to version 2.34.4 (bsc#1195064):\n\n- CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling.\n- CVE-2021-30936: A use after free issue was addressed with improved memory management.\n- CVE-2021-30951: A use after free issue was addressed with improved memory management.\n- CVE-2021-30952: An integer overflow was addressed with improved input validation.\n- CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking.\n- CVE-2021-30954: A type confusion issue was addressed with improved memory handling.\n- CVE-2021-30984: A race condition was addressed with improved state handling.\n- CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation.\n\nThe following CVEs were addressed in a previous update:\n\n- CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create.\n- CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild.\n- CVE-2021-45483: A use-after-free in WebCore::Frame::page.\n","id":"openSUSE-SU-2022:0705-1","modified":"2022-03-04T06:45:18Z","published":"2022-03-04T06:45:18Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4Z4NVNJOFDH7QHR6XKK6NVIFOWPKI3Y/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1195064"},{"type":"REPORT","url":"https://bugzilla.suse.com/1195735"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196133"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-30934"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-30936"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-30951"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-30952"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-30953"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-30954"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-30984"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-45481"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-45482"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-45483"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22589"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22590"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22592"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22620"}],"related":["CVE-2021-30934","CVE-2021-30936","CVE-2021-30951","CVE-2021-30952","CVE-2021-30953","CVE-2021-30954","CVE-2021-30984","CVE-2021-45481","CVE-2021-45482","CVE-2021-45483","CVE-2022-22589","CVE-2022-22590","CVE-2022-22592","CVE-2022-22620"],"summary":"Security update for webkit2gtk3","upstream":["CVE-2021-30934","CVE-2021-30936","CVE-2021-30951","CVE-2021-30952","CVE-2021-30953","CVE-2021-30954","CVE-2021-30984","CVE-2021-45481","CVE-2021-45482","CVE-2021-45483","CVE-2022-22589","CVE-2022-22590","CVE-2022-22592","CVE-2022-22620"]}