Bugzilla – Bug 1215868
VUL-0: CVE-2023-39928: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports
Last modified: 2024-06-11 08:30:57 UTC
A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to visit a malicious webpage to trigger this vulnerability.

CVE-2023-39928
Versions affected: WebKitGTK and WPE WebKit before 2.42.0.
Credit to Marcin ‘Icewall’ Noga of Cisco Talos.
A use-after-free vulnerability exists in the MediaRecorder API of the WebKit GStreamer-based ports (WebKitGTK and WPE WebKit). A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to visit a malicious webpage to trigger this vulnerability.
WebKit Bugzilla: 260649.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39928
https://webkitgtk.org/security/WSA-2023-0009.html#CVE-2023-39928
https://github.com/WebKit/WebKit/commit/37bc7427407685a224044ddc3df4b81c41d6fd38 affects the pause and resume recording function. Not existing in libQtWebKit4 or libqt5-qtwebkit.
SUSE-SU-2023:4211-1: An update that solves eight vulnerabilities and has three security fixes can now be installed.
Category: security (important)
Bug References: 1213379, 1213581, 1213905, 1215072, 1215661, 1215866, 1215867, 1215868, 1215869, 1215870, 1216483
CVE References: CVE-2023-32393, CVE-2023-35074, CVE-2023-37450, CVE-2023-39434, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-41993
Sources used:
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): webkit2gtk3-2.42.1-150000.3.153.1
SUSE CaaS Platform 4.0 (src): webkit2gtk3-2.42.1-150000.3.153.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): webkit2gtk3-2.42.1-150000.3.153.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): webkit2gtk3-2.42.1-150000.3.153.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2023:4209-1: An update that solves eight vulnerabilities and has three security fixes can now be installed.
Category: security (important)
Bug References: 1213379, 1213581, 1213905, 1215072, 1215661, 1215866, 1215867, 1215868, 1215869, 1215870, 1216483
CVE References: CVE-2023-32393, CVE-2023-35074, CVE-2023-37450, CVE-2023-39434, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-41993
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): webkit2gtk3-2.42.1-2.155.1
SUSE Linux Enterprise Server 12 SP5 (src): webkit2gtk3-2.42.1-2.155.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): webkit2gtk3-2.42.1-2.155.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): webkit2gtk3-2.42.1-2.155.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): webkit2gtk3-2.42.1-2.155.1

SUSE-SU-2023:4294-1: An update that solves six vulnerabilities and has five security fixes can now be installed.
Category: security (important)
Bug References: 1214093, 1214640, 1214835, 1215072, 1215661, 1215866, 1215867, 1215868, 1215869, 1215870, 1216483
CVE References: CVE-2023-35074, CVE-2023-39434, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-41993
Sources used:
openSUSE Leap 15.4 (src): webkit2gtk3-soup2-2.42.1-150400.4.57.2, webkit2gtk3-2.42.1-150400.4.57.2, webkit2gtk4-2.42.1-150400.4.57.3
openSUSE Leap 15.5 (src): webkit2gtk3-soup2-2.42.1-150400.4.57.2, webkit2gtk3-2.42.1-150400.4.57.2, webkit2gtk4-2.42.1-150400.4.57.3
Basesystem Module 15-SP4 (src): webkit2gtk3-soup2-2.42.1-150400.4.57.2
Basesystem Module 15-SP5 (src): webkit2gtk3-soup2-2.42.1-150400.4.57.2
Desktop Applications Module 15-SP4 (src): webkit2gtk3-2.42.1-150400.4.57.2
Desktop Applications Module 15-SP5 (src): webkit2gtk3-2.42.1-150400.4.57.2
Development Tools Module 15-SP4 (src): webkit2gtk4-2.42.1-150400.4.57.3
Development Tools Module 15-SP5 (src): webkit2gtk4-2.42.1-150400.4.57.3

SUSE-SU-2023:4339-1: An update that solves eight vulnerabilities and has two security fixes can now be installed.
Category: security (important)
Bug References: 1213379, 1213581, 1215072, 1215661, 1215866, 1215867, 1215868, 1215869, 1215870, 1216483
CVE References: CVE-2023-32393, CVE-2023-35074, CVE-2023-37450, CVE-2023-39434, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-41993
Sources used:
SUSE Enterprise Storage 7.1 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Enterprise Storage 7 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Manager Proxy 4.2 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Manager Retail Branch Server 4.2 (src): webkit2gtk3-2.42.1-150200.87.4
SUSE Manager Server 4.2 (src): webkit2gtk3-2.42.1-150200.87.4

Created attachment 871546: yelp core dumped file
Created attachment 871547: webkitwebproces core file
I am testing the S:M:31974:316278 update. When I perform regression testing on the SLE12SP5 x86_64 system, running the yelp command generates a core file:

# yelp
libEGL warning: No hardware driver found, falling back to software rendering
function is no-op
libEGL warning: DRI3: failed to query the version
libEGL warning: DRI2: failed to authenticate

(yelp:11827): Gdk-ERROR **: The program 'yelp' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadRequest (invalid request code or no such operation)'.
  (Details: serial 177 error_code 1 request_code 155 (unknown) minor_code 1)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the GDK_SYNCHRONIZE environment
   variable to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
Trace/breakpoint trap (core dumped)

dmesg:
[480439.868070] traps: yelp[1914] trap int3 ip:7f6877b3fab3 sp:7ffe219da5c0 error:0 in libglib-2.0.so.0.4800.2[7f6877aed000+10f000]
[481015.192219] traps: yelp[20450] trap int3 ip:7ff7e49e6ab3 sp:7fff1fb99ad0 error:0 in libglib-2.0.so.0.4800.2[7ff7e4994000+10f000]
[485633.872319] traps: eadedCompositor[24378] trap int3 ip:7efc0c106ab3 sp:7efbbe5eb2a0 error:0 in libglib-2.0.so.0.4800.2[7efc0c0b4000+10f000]
[486093.556758] traps: yelp[27984] trap int3 ip:7f3a13eb4ab3 sp:7ffe21bc7220 error:0 in libglib-2.0.so.0.4800.2[7f3a13e62000+10f000]
[486507.976593] traps: yelp[11827] trap int3 ip:7fb0111d4ab3 sp:7ffeb07cc660 error:0 in libglib-2.0.so.0.4800.2[7fb011182000+10f000]
[486888.712835] traps: yelp[16184] trap int3 ip:7f4a5110eab3 sp:7ffdfd54ce90 error:0 in libglib-2.0.so.0.4800.2[7f4a510bc000+10f000]

I have uploaded the generated core file as an attachment, please help me check it. Thank you!

The following information will be displayed on SLE12SP2 and SP3, but no core file will be generated. You can open the Yelp window, but no content will be displayed, as in the screenshot:

libEGL warning: DRI3: failed to query the version
libEGL warning: DRI2: failed to authenticate

(WebKitWebProcess:4330): Gdk-ERROR **: The program 'WebKitWebProcess' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadRequest (invalid request code or no such operation)'.
  (Details: serial 182 error_code 1 request_code 155 (unknown) minor_code 1)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the GDK_SYNCHRONIZE environment
   variable to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

Created attachment 871548: yelp window screenshot
The same issue exists in SLE15SP1, SP3, SP4, and SP5. I also uploaded the generated core file.
Created attachment 871559: sle15sp1 core file
Created attachment 871560: sle15sp5 core file
BTW: the newest versions of webkit on sle12sp5 and sle15sp5 both dump core when launched through ssh. But they work well on localhost.
SUSE-SU-2023:4978-1: An update that solves five vulnerabilities can now be installed.
Category: security (important)
Bug References: 1215868, 1215869, 1215870, 1218032, 1218033
CVE References: CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-42883, CVE-2023-42890
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): webkit2gtk3-2.42.4-2.164.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): webkit2gtk3-2.42.4-2.164.1
SUSE Linux Enterprise Server 12 SP5 (src): webkit2gtk3-2.42.4-2.164.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): webkit2gtk3-2.42.4-2.164.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): webkit2gtk3-2.42.4-2.164.1

(In reply to ming li from comment #16)
> The same issue exists in SLE15SP1, SP3, SP4, and SP5. I also uploaded the
> generated core file.

To be clear, this is a regression and doesn't happen with version 2.42.3?

(In reply to Michael Gorse from comment #21)
> (In reply to ming li from comment #16)
> > The same issue exists in SLE15SP1, SP3, SP4, and SP5. I also uploaded the
> > generated core file.
>
> To be clear, this is a regression and doesn't happen with version 2.42.3?

Yes, it also happens in 2.42.3

(In reply to ming li from comment #22)
> (In reply to Michael Gorse from comment #21)
> > (In reply to ming li from comment #16)
> > > The same issue exists in SLE15SP1, SP3, SP4, and SP5. I also uploaded the
> > > generated core file.
> >
> > To be clear, this is a regression and doesn't happen with version 2.42.3?
>
> Yes, it also happens in 2.42.3

It is unrelated to this MR then. Given that it only happens in ssh-forwarded sessions, it sounds like it might not be a new issue. You could open a separate bug for it if you'd like.

(In reply to Michael Gorse from comment #23)
> It is unrelated to this MR then. Given that it only happens in ssh-forwarded
> sessions, it sounds like it might not be a new issue. You could open a
> separate bug for it if you'd like.

Thank you Michael! I have opened a new bug: https://bugzilla.suse.com/show_bug.cgi?id=1218469

SUSE-SU-2024:0004-1: An update that solves six vulnerabilities can now be installed.
Category: security (important)
Bug References: 1215868, 1215869, 1215870, 1218032, 1218033
CVE References: CVE-2023-32359, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-42883, CVE-2023-42890
Sources used:
Basesystem Module 15-SP4 (src): webkit2gtk3-soup2-2.42.4-150400.4.70.3
Basesystem Module 15-SP5 (src): webkit2gtk3-soup2-2.42.4-150400.4.70.3
Desktop Applications Module 15-SP4 (src): webkit2gtk3-2.42.4-150400.4.70.3
Desktop Applications Module 15-SP5 (src): webkit2gtk3-2.42.4-150400.4.70.3
Development Tools Module 15-SP5 (src): webkit2gtk4-2.42.4-150400.4.70.3
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): webkit2gtk4-2.42.4-150400.4.70.3, webkit2gtk3-soup2-2.42.4-150400.4.70.3, webkit2gtk3-2.42.4-150400.4.70.3
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): webkit2gtk4-2.42.4-150400.4.70.3, webkit2gtk3-soup2-2.42.4-150400.4.70.3, webkit2gtk3-2.42.4-150400.4.70.3
SUSE Linux Enterprise Real Time 15 SP4 (src): webkit2gtk4-2.42.4-150400.4.70.3, webkit2gtk3-soup2-2.42.4-150400.4.70.3, webkit2gtk3-2.42.4-150400.4.70.3
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): webkit2gtk4-2.42.4-150400.4.70.3, webkit2gtk3-soup2-2.42.4-150400.4.70.3, webkit2gtk3-2.42.4-150400.4.70.3
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): webkit2gtk4-2.42.4-150400.4.70.3, webkit2gtk3-soup2-2.42.4-150400.4.70.3, webkit2gtk3-2.42.4-150400.4.70.3
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): webkit2gtk4-2.42.4-150400.4.70.3, webkit2gtk3-soup2-2.42.4-150400.4.70.3, webkit2gtk3-2.42.4-150400.4.70.3
SUSE Manager Proxy 4.3 (src): webkit2gtk3-soup2-2.42.4-150400.4.70.3
SUSE Manager Retail Branch Server 4.3 (src): webkit2gtk3-soup2-2.42.4-150400.4.70.3
SUSE Manager Server 4.3 (src): webkit2gtk3-soup2-2.42.4-150400.4.70.3
openSUSE Leap 15.4 (src): webkit2gtk4-2.42.4-150400.4.70.3, webkit2gtk3-soup2-2.42.4-150400.4.70.3, webkit2gtk3-2.42.4-150400.4.70.3
openSUSE Leap 15.5 (src): webkit2gtk4-2.42.4-150400.4.70.3, webkit2gtk3-soup2-2.42.4-150400.4.70.3, webkit2gtk3-2.42.4-150400.4.70.3

SUSE-SU-2024:0003-1: An update that solves five vulnerabilities can now be installed.
Category: security (important)
Bug References: 1215868, 1215870, 1218032, 1218033
CVE References: CVE-2023-32359, CVE-2023-39928, CVE-2023-41074, CVE-2023-42883, CVE-2023-42890
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): webkit2gtk3-2.42.4-150200.97.3
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): webkit2gtk3-2.42.4-150200.97.3
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): webkit2gtk3-2.42.4-150200.97.3
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): webkit2gtk3-2.42.4-150200.97.3
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): webkit2gtk3-2.42.4-150200.97.3
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): webkit2gtk3-2.42.4-150200.97.3
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): webkit2gtk3-2.42.4-150200.97.3
SUSE Enterprise Storage 7.1 (src): webkit2gtk3-2.42.4-150200.97.3

SUSE-SU-2024:0002-1: An update that solves six vulnerabilities can now be installed.
Category: security (important)
Bug References: 1215868, 1215869, 1215870, 1218032, 1218033
CVE References: CVE-2023-32359, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-42883, CVE-2023-42890
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): webkit2gtk3-2.42.4-150000.3.163.2
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): webkit2gtk3-2.42.4-150000.3.163.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): webkit2gtk3-2.42.4-150000.3.163.2
SUSE CaaS Platform 4.0 (src): webkit2gtk3-2.42.4-150000.3.163.2

SUSE-SU-2024:1976-1: An update that solves 10 vulnerabilities can now be installed.
Category: security (important)
Bug References: 1215868, 1215869, 1215870, 1218033, 1222905, 1225071
CVE References: CVE-2023-42843, CVE-2023-42950, CVE-2023-42956, CVE-2024-23226, CVE-2024-23252, CVE-2024-23254, CVE-2024-23263, CVE-2024-23280, CVE-2024-23284, CVE-2024-27834
Maintenance Incident: [SUSE:Maintenance:34144](https://smelt.suse.de/incident/34144/)
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): webkit2gtk3-2.44.2-4.7.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): webkit2gtk3-2.44.2-4.7.1
SUSE Linux Enterprise Server 12 SP5 (src): webkit2gtk3-2.44.2-4.7.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): webkit2gtk3-2.44.2-4.7.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): webkit2gtk3-2.44.2-4.7.1
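
The update notices on this page name, per product, the package build that carries the fix, so a host can be triaged by comparing its installed webkit2gtk3 version-release against the notice. The following is an added example, not part of the bug report or any SUSE tooling: it parses an excerpt of the SUSE-SU-2023:4209-1 notice and applies a simplified RPM version comparison. The function names are hypothetical, the parser assumes one product per line, and the comparison ignores epochs and the `~`/`^` markers.

```python
import re
from itertools import zip_longest

# Excerpt of the SUSE-SU-2023:4209-1 notice from this page, one field per line.
NOTICE = """SUSE-SU-2023:4209-1: An update that solves eight vulnerabilities and has three security fixes can now be installed.
CVE References: CVE-2023-32393, CVE-2023-35074, CVE-2023-37450, CVE-2023-39434, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-41993
Sources used:
SUSE Linux Enterprise Server 12 SP5 (src): webkit2gtk3-2.42.1-2.155.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): webkit2gtk3-2.42.1-2.155.1
"""

def parse_notice(text):
    """Return (set of CVE ids, {product: {package: 'version-release'}})."""
    cves = set(re.findall(r"CVE-\d{4}-\d+", text))
    fixed = {}
    for product, pkgs in re.findall(r"^(.+?) \(src\): (.+)$", text, re.M):
        for nvr in pkgs.split(", "):
            name, version, release = nvr.rsplit("-", 2)
            fixed.setdefault(product, {})[name] = f"{version}-{release}"
    return cves, fixed

def _segments(s):
    # Simplified rpmvercmp tokenizer: runs of digits or letters, separators dropped.
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", s)]

def vercmp(a, b):
    """Compare two version or release strings; returns -1, 0 or 1."""
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x == y:
            continue
        if x is None or y is None:                   # the longer string is newer
            return -1 if x is None else 1
        if isinstance(x, int) != isinstance(y, int):
            return 1 if isinstance(x, int) else -1   # numeric beats alphabetic
        return -1 if x < y else 1
    return 0

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (av, ar), (bv, br) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(av, bv) or vercmp(ar, br)

def is_patched(installed, product, package, cve, notice=NOTICE):
    """True if `installed` (version-release) is at or above the notice's build."""
    cves, fixed = parse_notice(notice)
    if cve not in cves or package not in fixed.get(product, {}):
        raise LookupError("notice does not cover this CVE/product/package")
    return evr_cmp(installed, fixed[product][package]) >= 0
```

On a host, the installed value would come from `rpm -q --qf '%{VERSION}-%{RELEASE}' webkit2gtk3`.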