Overview

File _patchinfo of Package patchinfo.34132

<patchinfo incident="34132">
  <issue tracker="bnc" id="1225071">VUL-0: CVE-2024-27834: webkit2gtk3,webkitgtk,wpewebkit: pointer authentication bypass</issue>
  <issue tracker="bnc" id="1222010">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2024-0002</issue>
  <issue tracker="cve" id="2024-23284"/>
  <issue tracker="cve" id="2023-42950"/>
  <issue tracker="cve" id="2024-23254"/>
  <issue tracker="cve" id="2023-42843"/>
  <issue tracker="cve" id="2024-27834"/>
  <issue tracker="cve" id="2024-23252"/>
  <issue tracker="cve" id="2024-23263"/>
  <issue tracker="cve" id="2024-23280"/>
  <issue tracker="cve" id="2023-42956"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>This update for webkit2gtk3 fixes the following issues:

- Update to version 2.44.2 (bsc#1225071):
- CVE-2024-23252: Fixed a vulnerability where processed web content may lead to a denial-of-service. (bsc#1222010)
- CVE-2024-23254: Fixed a vulnerability where a malicious website may exfiltrate audio data cross-origin. (bsc#1222010)
- CVE-2024-23263: Fixed a vulnerability where processed maliciously crafted web content may prevent Content Security Policy from being enforced. (bsc#1222010)
- CVE-2024-23280: Fixed a vulnerability where a maliciously crafted webpage may be able to fingerprint the user. (bsc#1222010)
- CVE-2024-23284: Fixed a vulnerability where processed maliciously crafted web content may prevent Content Security Policy from being enforced. (bsc#1222010)
- CVE-2023-42950: Fixed a vulnerability where processed maliciously crafted web content may lead to arbitrary code execution. (bsc#1222010)
- CVE-2023-42956: Fixed a vulnerability where processed web content may lead to a denial-of-service. (bsc#1222010)
- CVE-2023-42843: Fixed a vulnerability where visiting a malicious website may lead to address bar spoofing. (bsc#1222010)
- CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. (bsc#1225071)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places