Bug 1213379 (CVE-2023-37450) - VUL-0: CVE-2023-37450: webkit2gtk3: arbitrary code execution
Status: RESOLVED FIXED
Alias: CVE-2023-37450
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P2 - High
Severity: Normal
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/372589/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-37450:8.8:(AV:...
Reported: 2023-07-17 07:37 UTC by Robert Frohl
Modified: 2024-06-03 21:20 UTC

Found By: Security Response Team
rfrohl: needinfo? (gnome-bugs)
rfrohl: needinfo? (mgorse)


Description Robert Frohl 2023-07-17 07:37:22 UTC
CVE-2023-37450

Processing web content may lead to arbitrary code execution

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37450
https://bugzilla.redhat.com/show_bug.cgi?id=2223000
Comment 11 OBSbugzilla Bot 2023-09-03 16:15:34 UTC
This is an autogenerated message for OBS integration:
This bug (1213379) was mentioned in
https://build.opensuse.org/request/show/1108719 15.4 / webkit2gtk3
Comment 12 Maintenance Automation 2023-09-08 16:30:34 UTC
SUSE-SU-2023:3556-1: An update that solves two vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1213379, 1213581, 1213905, 1214093
CVE References: CVE-2023-32393, CVE-2023-37450
Sources used:
openSUSE Leap 15.4 (src): webkit2gtk3-soup2-2.40.5-150400.4.48.1, webkit2gtk3-2.40.5-150400.4.48.1, webkit2gtk4-2.40.5-150400.4.48.1
openSUSE Leap 15.5 (src): webkit2gtk3-soup2-2.40.5-150400.4.48.1, webkit2gtk3-2.40.5-150400.4.48.1, webkit2gtk4-2.40.5-150400.4.48.1
Basesystem Module 15-SP4 (src): webkit2gtk3-soup2-2.40.5-150400.4.48.1
Basesystem Module 15-SP5 (src): webkit2gtk3-soup2-2.40.5-150400.4.48.1
Desktop Applications Module 15-SP4 (src): webkit2gtk3-2.40.5-150400.4.48.1
Desktop Applications Module 15-SP5 (src): webkit2gtk3-2.40.5-150400.4.48.1
Development Tools Module 15-SP4 (src): webkit2gtk4-2.40.5-150400.4.48.1
Development Tools Module 15-SP5 (src): webkit2gtk4-2.40.5-150400.4.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Maintenance Automation 2023-09-25 08:30:07 UTC
SUSE-SU-2023:3753-1: An update that solves 10 vulnerabilities can now be installed.

Category: security (important)
Bug References: 1213379, 1213581, 1213905, 1214093, 1214640, 1214835, 1215072, 1215230
CVE References: CVE-2023-28198, CVE-2023-32370, CVE-2023-37450, CVE-2023-38594, CVE-2023-38595, CVE-2023-38597, CVE-2023-38599, CVE-2023-38600, CVE-2023-38611, CVE-2023-40397
Sources used:
Development Tools Module 15-SP5 (src): webkit2gtk4-2.40.5-150400.4.51.1
openSUSE Leap 15.4 (src): webkit2gtk3-soup2-2.40.5-150400.4.51.1, webkit2gtk3-2.40.5-150400.4.51.1, webkit2gtk4-2.40.5-150400.4.51.1
openSUSE Leap 15.5 (src): webkit2gtk3-soup2-2.40.5-150400.4.51.1, webkit2gtk3-2.40.5-150400.4.51.1, webkit2gtk4-2.40.5-150400.4.51.1
Basesystem Module 15-SP4 (src): webkit2gtk3-soup2-2.40.5-150400.4.51.1
Basesystem Module 15-SP5 (src): webkit2gtk3-soup2-2.40.5-150400.4.51.1
Desktop Applications Module 15-SP4 (src): webkit2gtk3-2.40.5-150400.4.51.1
Desktop Applications Module 15-SP5 (src): webkit2gtk3-2.40.5-150400.4.51.1
Development Tools Module 15-SP4 (src): webkit2gtk4-2.40.5-150400.4.51.1

Comment 19 Maintenance Automation 2023-10-26 12:30:21 UTC
SUSE-SU-2023:4211-1: An update that solves eight vulnerabilities and has three security fixes can now be installed.

Category: security (important)
Bug References: 1213379, 1213581, 1213905, 1215072, 1215661, 1215866, 1215867, 1215868, 1215869, 1215870, 1216483
CVE References: CVE-2023-32393, CVE-2023-35074, CVE-2023-37450, CVE-2023-39434, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-41993
Sources used:
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): webkit2gtk3-2.42.1-150000.3.153.1
SUSE CaaS Platform 4.0 (src): webkit2gtk3-2.42.1-150000.3.153.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): webkit2gtk3-2.42.1-150000.3.153.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): webkit2gtk3-2.42.1-150000.3.153.1

Comment 20 Maintenance Automation 2023-10-26 12:30:29 UTC
SUSE-SU-2023:4209-1: An update that solves eight vulnerabilities and has three security fixes can now be installed.

Category: security (important)
Bug References: 1213379, 1213581, 1213905, 1215072, 1215661, 1215866, 1215867, 1215868, 1215869, 1215870, 1216483
CVE References: CVE-2023-32393, CVE-2023-35074, CVE-2023-37450, CVE-2023-39434, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-41993
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): webkit2gtk3-2.42.1-2.155.1
SUSE Linux Enterprise Server 12 SP5 (src): webkit2gtk3-2.42.1-2.155.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): webkit2gtk3-2.42.1-2.155.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): webkit2gtk3-2.42.1-2.155.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): webkit2gtk3-2.42.1-2.155.1

Comment 21 Maintenance Automation 2023-11-02 16:30:50 UTC
SUSE-SU-2023:4339-1: An update that solves eight vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1213379, 1213581, 1215072, 1215661, 1215866, 1215867, 1215868, 1215869, 1215870, 1216483
CVE References: CVE-2023-32393, CVE-2023-35074, CVE-2023-37450, CVE-2023-39434, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-41993
Sources used:
SUSE Enterprise Storage 7.1 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Enterprise Storage 7 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Manager Proxy 4.2 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Manager Retail Branch Server 4.2 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Manager Server 4.2 (src): webkit2gtk3-2.42.1-150200.87.4

Comment 22 Andrea Mattiazzo 2024-05-31 13:13:33 UTC
All done, closing.