Lucene search

GoogleOSV:SUSE-SU-2024:1976-1

HistoryJun 11, 2024 - 7:36 a.m.

Security update for webkit2gtk3

2024-06-1107:36:06

Google

osv.dev

security update

webkit2gtk3

version 2.44.2

cve-2024-27834

vulnerability

pointer authentication

software

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

JSON

This update for webkit2gtk3 fixes the following issues:

Update to version 2.44.2 (bsc#1225071)
CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. (bsc#1225071)

References

bugzilla.suse.com/1215868

bugzilla.suse.com/1215869

bugzilla.suse.com/1215870

bugzilla.suse.com/1218033

bugzilla.suse.com/1222905

bugzilla.suse.com/1225071

www.suse.com/security/cve/CVE-2023-42843

www.suse.com/security/cve/CVE-2023-42950

www.suse.com/security/cve/CVE-2023-42956

www.suse.com/security/cve/CVE-2024-23226

www.suse.com/security/cve/CVE-2024-23252

www.suse.com/security/cve/CVE-2024-23254

www.suse.com/security/cve/CVE-2024-23263

www.suse.com/security/cve/CVE-2024-23280

www.suse.com/security/cve/CVE-2024-23284

www.suse.com/security/cve/CVE-2024-27834

www.suse.com/support/update/announcement/2024/suse-su-20241976-1/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

JSON

Related for OSV:SUSE-SU-2024:1976-1