ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.2.2024.1270.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:1270-1)
Resumen:	The remote host is missing an update for the 'webkit2gtk3' package(s) announced via the SUSE-SU-2024:1270-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'webkit2gtk3' package(s) announced via the SUSE-SU-2024:1270-1 advisory. Vulnerability Insight: This update for webkit2gtk3 fixes the following issues: - CVE-2024-23252: Fixed denial of service via crafted web content (bsc#1222010). - CVE-2024-23254: Fixed possible audio data exilftration cross-origin via malicious website (bsc#1222010). - CVE-2024-23263: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010). - CVE-2024-23280: Fixed possible user fingeprint via malicious crafted web content (bsc#1222010). - CVE-2024-23284: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010). - CVE-2023-42950: Fixed arbitrary code execution via crafted web content (bsc#1222010). - CVE-2023-42956: Fixed denial of service via crafted web content (bsc#1222010). - CVE-2023-42843: Fixed address bar spoofing via malicious website (bsc#1222010). Other fixes: - Update to version 2.44.0 (bsc#1222010): + Make the DOM accessibility tree reachable from UI process with GTK4. + Removed the X11 and WPE renderers in favor of DMA-BUF. + Improved vblank synchronization when rendering. + Removed key event reinjection in GTK4 to make keyboard shortcuts work in web sites. + Fix gamepads detection by correctly handling focused window in GTK4. Affected Software/OS: 'webkit2gtk3' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-42843 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/ https://support.apple.com/en-us/HT213981 https://support.apple.com/en-us/HT213982 https://support.apple.com/en-us/HT213984 https://support.apple.com/en-us/HT213986 http://www.openwall.com/lists/oss-security/2024/03/26/1 Common Vulnerability Exposure (CVE) ID: CVE-2023-42950 https://support.apple.com/en-us/HT214035 https://support.apple.com/en-us/HT214036 https://support.apple.com/en-us/HT214039 https://support.apple.com/en-us/HT214040 https://support.apple.com/en-us/HT214041 Common Vulnerability Exposure (CVE) ID: CVE-2023-42956 Common Vulnerability Exposure (CVE) ID: CVE-2024-23252 Common Vulnerability Exposure (CVE) ID: CVE-2024-23254 http://seclists.org/fulldisclosure/2024/Mar/20 http://seclists.org/fulldisclosure/2024/Mar/21 http://seclists.org/fulldisclosure/2024/Mar/24 http://seclists.org/fulldisclosure/2024/Mar/25 http://seclists.org/fulldisclosure/2024/Mar/26 https://support.apple.com/en-us/HT214081 https://support.apple.com/en-us/HT214084 https://support.apple.com/en-us/HT214086 https://support.apple.com/en-us/HT214087 https://support.apple.com/en-us/HT214088 https://support.apple.com/en-us/HT214089 Common Vulnerability Exposure (CVE) ID: CVE-2024-23263 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/ https://support.apple.com/en-us/HT214082 Common Vulnerability Exposure (CVE) ID: CVE-2024-23280 Common Vulnerability Exposure (CVE) ID: CVE-2024-23284
Copyright	Copyright (C) 2025 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.