Test ID:	1.3.6.1.4.1.25623.1.1.18.2.2024.1270.1
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (SUSE-SU-2024:1270-1)
Summary:	The remote host is missing an update for the 'webkit2gtk3' package(s) announced via the SUSE-SU-2024:1270-1 advisory.
Description:	Summary: The remote host is missing an update for the 'webkit2gtk3' package(s) announced via the SUSE-SU-2024:1270-1 advisory. Vulnerability Insight: This update for webkit2gtk3 fixes the following issues: - CVE-2024-23252: Fixed denial of service via crafted web content (bsc#1222010). - CVE-2024-23254: Fixed possible audio data exilftration cross-origin via malicious website (bsc#1222010). - CVE-2024-23263: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010). - CVE-2024-23280: Fixed possible user fingeprint via malicious crafted web content (bsc#1222010). - CVE-2024-23284: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010). - CVE-2023-42950: Fixed arbitrary code execution via crafted web content (bsc#1222010). - CVE-2023-42956: Fixed denial of service via crafted web content (bsc#1222010). - CVE-2023-42843: Fixed address bar spoofing via malicious website (bsc#1222010). Other fixes: - Update to version 2.44.0 (bsc#1222010): + Make the DOM accessibility tree reachable from UI process with GTK4. + Removed the X11 and WPE renderers in favor of DMA-BUF. + Improved vblank synchronization when rendering. + Removed key event reinjection in GTK4 to make keyboard shortcuts work in web sites. + Fix gamepads detection by correctly handling focused window in GTK4. Affected Software/OS: 'webkit2gtk3' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-42843 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/ https://support.apple.com/en-us/HT213981 https://support.apple.com/en-us/HT213982 https://support.apple.com/en-us/HT213984 https://support.apple.com/en-us/HT213986 http://www.openwall.com/lists/oss-security/2024/03/26/1 Common Vulnerability Exposure (CVE) ID: CVE-2023-42950 https://support.apple.com/en-us/HT214035 https://support.apple.com/en-us/HT214036 https://support.apple.com/en-us/HT214039 https://support.apple.com/en-us/HT214040 https://support.apple.com/en-us/HT214041 Common Vulnerability Exposure (CVE) ID: CVE-2023-42956 Common Vulnerability Exposure (CVE) ID: CVE-2024-23252 Common Vulnerability Exposure (CVE) ID: CVE-2024-23254 http://seclists.org/fulldisclosure/2024/Mar/20 http://seclists.org/fulldisclosure/2024/Mar/21 http://seclists.org/fulldisclosure/2024/Mar/24 http://seclists.org/fulldisclosure/2024/Mar/25 http://seclists.org/fulldisclosure/2024/Mar/26 https://support.apple.com/en-us/HT214081 https://support.apple.com/en-us/HT214084 https://support.apple.com/en-us/HT214086 https://support.apple.com/en-us/HT214087 https://support.apple.com/en-us/HT214088 https://support.apple.com/en-us/HT214089 Common Vulnerability Exposure (CVE) ID: CVE-2024-23263 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/ https://support.apple.com/en-us/HT214082 Common Vulnerability Exposure (CVE) ID: CVE-2024-23280 Common Vulnerability Exposure (CVE) ID: CVE-2024-23284
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.