SUSE-SU-2022:1431-1
- Source
- https://www.suse.com/support/update/announcement/2022/suse-su-20221431-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:1431-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2022:1431-1
- Upstream
- Related
- Published
- 2022-04-27T09:34:55Z
- Modified
- 2025-05-08T17:17:52.662640Z
- Summary
- Security update for webkit2gtk3
- Details
-
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.0 (bsc#1198290): - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error.
Missing CVE reference for the update to 2.34.6 (bsc#1196133): - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API.
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20221431-1/
- https://bugzilla.suse.com/1196133
- https://bugzilla.suse.com/1198290
- https://www.suse.com/security/cve/CVE-2022-22594
- https://www.suse.com/security/cve/CVE-2022-22624
- https://www.suse.com/security/cve/CVE-2022-22628
- https://www.suse.com/security/cve/CVE-2022-22629
- https://www.suse.com/security/cve/CVE-2022-22637
Affected packages
openSUSE:Leap 15.3
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.0-150200.32.1
Ecosystem specific
{
"binaries": [
{
"libjavascriptcoregtk-4_0-18-32bit": "2.36.0-150200.32.1",
"typelib-1_0-JavaScriptCore-4_0": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.36.0-150200.32.1",
"webkit-jsc-4": "2.36.0-150200.32.1",
"webkit2gtk-4_0-injected-bundles": "2.36.0-150200.32.1",
"libwebkit2gtk3-lang": "2.36.0-150200.32.1",
"webkit2gtk3-minibrowser": "2.36.0-150200.32.1",
"libwebkit2gtk-4_0-37-32bit": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2-4_0": "2.36.0-150200.32.1",
"libwebkit2gtk-4_0-37": "2.36.0-150200.32.1",
"webkit2gtk3-devel": "2.36.0-150200.32.1",
"libjavascriptcoregtk-4_0-18": "2.36.0-150200.32.1"
}
]
}openSUSE:Leap 15.4
webkit2gtk3
SUSE:Enterprise Storage 7
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Enterprise%20Storage%207
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.0-150200.32.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.36.0-150200.32.1",
"webkit2gtk-4_0-injected-bundles": "2.36.0-150200.32.1",
"libwebkit2gtk3-lang": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2-4_0": "2.36.0-150200.32.1",
"libwebkit2gtk-4_0-37": "2.36.0-150200.32.1",
"webkit2gtk3-devel": "2.36.0-150200.32.1",
"libjavascriptcoregtk-4_0-18": "2.36.0-150200.32.1"
}
]
}SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOS
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.0-150200.32.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.36.0-150200.32.1",
"webkit2gtk-4_0-injected-bundles": "2.36.0-150200.32.1",
"libwebkit2gtk3-lang": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2-4_0": "2.36.0-150200.32.1",
"libwebkit2gtk-4_0-37": "2.36.0-150200.32.1",
"webkit2gtk3-devel": "2.36.0-150200.32.1",
"libjavascriptcoregtk-4_0-18": "2.36.0-150200.32.1"
}
]
}SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.0-150200.32.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.36.0-150200.32.1",
"webkit2gtk-4_0-injected-bundles": "2.36.0-150200.32.1",
"libwebkit2gtk3-lang": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2-4_0": "2.36.0-150200.32.1",
"libwebkit2gtk-4_0-37": "2.36.0-150200.32.1",
"webkit2gtk3-devel": "2.36.0-150200.32.1",
"libjavascriptcoregtk-4_0-18": "2.36.0-150200.32.1"
}
]
}SUSE:Linux Enterprise Module for Basesystem 15 SP3
webkit2gtk3
SUSE:Linux Enterprise Module for Desktop Applications 15 SP3
webkit2gtk3
SUSE:Linux Enterprise Real Time 15 SP2
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.0-150200.32.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.36.0-150200.32.1",
"webkit2gtk-4_0-injected-bundles": "2.36.0-150200.32.1",
"libwebkit2gtk3-lang": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2-4_0": "2.36.0-150200.32.1",
"libwebkit2gtk-4_0-37": "2.36.0-150200.32.1",
"webkit2gtk3-devel": "2.36.0-150200.32.1",
"libjavascriptcoregtk-4_0-18": "2.36.0-150200.32.1"
}
]
}SUSE:Linux Enterprise Server 15 SP2-BCL
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.0-150200.32.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.36.0-150200.32.1",
"webkit2gtk-4_0-injected-bundles": "2.36.0-150200.32.1",
"libwebkit2gtk3-lang": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2-4_0": "2.36.0-150200.32.1",
"libwebkit2gtk-4_0-37": "2.36.0-150200.32.1",
"webkit2gtk3-devel": "2.36.0-150200.32.1",
"libjavascriptcoregtk-4_0-18": "2.36.0-150200.32.1"
}
]
}SUSE:Linux Enterprise Server 15 SP2-LTSS
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.0-150200.32.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.36.0-150200.32.1",
"webkit2gtk-4_0-injected-bundles": "2.36.0-150200.32.1",
"libwebkit2gtk3-lang": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2-4_0": "2.36.0-150200.32.1",
"libwebkit2gtk-4_0-37": "2.36.0-150200.32.1",
"webkit2gtk3-devel": "2.36.0-150200.32.1",
"libjavascriptcoregtk-4_0-18": "2.36.0-150200.32.1"
}
]
}SUSE:Linux Enterprise Server for SAP Applications 15 SP2
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.0-150200.32.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.36.0-150200.32.1",
"webkit2gtk-4_0-injected-bundles": "2.36.0-150200.32.1",
"libwebkit2gtk3-lang": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2-4_0": "2.36.0-150200.32.1",
"libwebkit2gtk-4_0-37": "2.36.0-150200.32.1",
"webkit2gtk3-devel": "2.36.0-150200.32.1",
"libjavascriptcoregtk-4_0-18": "2.36.0-150200.32.1"
}
]
}SUSE:Manager Proxy 4.1
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Manager%20Proxy%204.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.0-150200.32.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.36.0-150200.32.1",
"webkit2gtk-4_0-injected-bundles": "2.36.0-150200.32.1",
"libwebkit2gtk3-lang": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2-4_0": "2.36.0-150200.32.1",
"libwebkit2gtk-4_0-37": "2.36.0-150200.32.1",
"webkit2gtk3-devel": "2.36.0-150200.32.1",
"libjavascriptcoregtk-4_0-18": "2.36.0-150200.32.1"
}
]
}SUSE:Manager Retail Branch Server 4.1
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.0-150200.32.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.36.0-150200.32.1",
"webkit2gtk-4_0-injected-bundles": "2.36.0-150200.32.1",
"libwebkit2gtk3-lang": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2-4_0": "2.36.0-150200.32.1",
"libwebkit2gtk-4_0-37": "2.36.0-150200.32.1",
"webkit2gtk3-devel": "2.36.0-150200.32.1",
"libjavascriptcoregtk-4_0-18": "2.36.0-150200.32.1"
}
]
}SUSE:Manager Server 4.1
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Manager%20Server%204.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.36.0-150200.32.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-JavaScriptCore-4_0": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.36.0-150200.32.1",
"webkit2gtk-4_0-injected-bundles": "2.36.0-150200.32.1",
"libwebkit2gtk3-lang": "2.36.0-150200.32.1",
"typelib-1_0-WebKit2-4_0": "2.36.0-150200.32.1",
"libwebkit2gtk-4_0-37": "2.36.0-150200.32.1",
"webkit2gtk3-devel": "2.36.0-150200.32.1",
"libjavascriptcoregtk-4_0-18": "2.36.0-150200.32.1"
}
]
}