SUSE Linux Enterprise update for webkit2gtk3



Published: 2021-08-05
Risk Critical
Patch available YES
Number of vulnerabilities 13
CVE-ID CVE-2021-21775
CVE-2021-21779
CVE-2021-30663
CVE-2021-30665
CVE-2021-30689
CVE-2021-30720
CVE-2021-30734
CVE-2021-30744
CVE-2021-30749
CVE-2021-30758
CVE-2021-30795
CVE-2021-30797
CVE-2021-30799
CWE-ID CWE-416
CWE-190
CWE-119
CWE-79
CWE-254
CWE-843
CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Vulnerability #3 is being exploited in the wild.
Vulnerability #4 is being exploited in the wild.
Vulnerable software
Subscribe
SUSE Linux Enterprise Server
Operating systems & Components / Operating system

SUSE OpenStack Cloud
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU53782

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-21775

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Use-after-free

EUVDB-ID: #VU53497

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-21779

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Integer overflow

EUVDB-ID: #VU52814

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-30663

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

4) Buffer overflow

EUVDB-ID: #VU52815

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-30665

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

5) Universal cross-site scripting

EUVDB-ID: #VU53499

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30689

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Security features bypass

EUVDB-ID: #VU53502

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30720

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in WebKit due to the way the component handles links to internal resources. A remote attacker can create a specially crafted web page and trick the application to connect to arbitrary internal addresses.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU53501

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30734

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web oage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Universal cross-site scripting

EUVDB-ID: #VU53496

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30744

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU53500

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30749

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within the KeyframeEffect class in WebKit. A remote attacker can create a specially crafted web oage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Type Confusion

EUVDB-ID: #VU55217

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30758

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to open a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU55218

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30795

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU55219

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30797

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in WebKit. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU55220

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30799

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

  • SUSE OpenStack Cloud Crowbar 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE OpenStack Cloud 9 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE OpenStack Cloud 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP5 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1
    • webkit2gtk3-devel-2.32.3-2.66.1
  • HPE Helion Openstack 8 (noarch):
    • libwebkit2gtk3-lang-2.32.3-2.66.1
  • HPE Helion Openstack 8 (x86_64):
    • libjavascriptcoregtk-4_0-18-2.32.3-2.66.1
    • libjavascriptcoregtk-4_0-18-debuginfo-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-2.32.3-2.66.1
    • libwebkit2gtk-4_0-37-debuginfo-2.32.3-2.66.1
    • typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2-4_0-2.32.3-2.66.1
    • typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1
    • webkit2gtk-4_0-injected-bundles-debuginfo-2.32.3-2.66.1
    • webkit2gtk3-debugsource-2.32.3-2.66.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20212600-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###