SUSE SLES15: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2022:0182-2)

critical Nessus Plugin ID 158139

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0182-2 advisory.

- Update to version 2.34.3 (bsc#1194019).
- CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content.
- CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1194019

https://www.suse.com/security/cve/CVE-2019-8766

https://www.suse.com/security/cve/CVE-2019-8782

https://www.suse.com/security/cve/CVE-2019-8808

https://www.suse.com/security/cve/CVE-2019-8815

https://www.suse.com/security/cve/CVE-2020-13753

https://www.suse.com/security/cve/CVE-2020-27918

https://www.suse.com/security/cve/CVE-2020-29623

https://www.suse.com/security/cve/CVE-2020-3902

https://www.suse.com/security/cve/CVE-2020-9802

https://www.suse.com/security/cve/CVE-2020-9803

https://www.suse.com/security/cve/CVE-2020-9805

https://www.suse.com/security/cve/CVE-2020-9947

https://www.suse.com/security/cve/CVE-2020-9948

https://www.suse.com/security/cve/CVE-2020-9951

https://www.suse.com/security/cve/CVE-2020-9952

https://www.suse.com/security/cve/CVE-2021-1765

https://www.suse.com/security/cve/CVE-2021-1788

https://www.suse.com/security/cve/CVE-2021-1817

https://www.suse.com/security/cve/CVE-2021-1820

https://www.suse.com/security/cve/CVE-2021-1825

https://www.suse.com/security/cve/CVE-2021-1826

https://www.suse.com/security/cve/CVE-2021-1844

https://www.suse.com/security/cve/CVE-2021-1871

https://www.suse.com/security/cve/CVE-2021-30661

https://www.suse.com/security/cve/CVE-2021-30666

https://www.suse.com/security/cve/CVE-2021-30682

https://www.suse.com/security/cve/CVE-2021-30761

https://www.suse.com/security/cve/CVE-2021-30762

https://www.suse.com/security/cve/CVE-2021-30809

https://www.suse.com/security/cve/CVE-2021-30818

https://www.suse.com/security/cve/CVE-2021-30823

https://www.suse.com/security/cve/CVE-2021-30836

https://www.suse.com/security/cve/CVE-2021-30846

https://www.suse.com/security/cve/CVE-2021-30848

https://www.suse.com/security/cve/CVE-2021-30849

https://www.suse.com/security/cve/CVE-2021-30851

https://www.suse.com/security/cve/CVE-2021-30858

https://www.suse.com/security/cve/CVE-2021-30884

https://www.suse.com/security/cve/CVE-2021-30887

https://www.suse.com/security/cve/CVE-2021-30888

https://www.suse.com/security/cve/CVE-2021-30889

https://www.suse.com/security/cve/CVE-2021-30890

https://www.suse.com/security/cve/CVE-2021-30897

http://www.nessus.org/u?f2507edb

Plugin Details

Severity: Critical

ID: 158139

File Name: suse_SU-2022-0182-2.nasl

Version: 1.10

Type: Local

Agent: unix

Published: 2/18/2022

Updated: 6/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

Percentile: 99.76

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-8815

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2020-13753

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0, p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18, p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang, p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37, p-cpe:/a:novell:suse_linux:webkit2gtk3-devel, p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles, p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/17/2022

Vulnerability Publication Date: 10/25/2019

CISA Known Exploited Vulnerability Due Dates: 11/17/2021

Reference Information

CVE: CVE-2019-8766, CVE-2019-8782, CVE-2019-8808, CVE-2019-8815, CVE-2020-13753, CVE-2020-27918, CVE-2020-29623, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9947, CVE-2020-9948, CVE-2020-9951, CVE-2020-9952, CVE-2021-1765, CVE-2021-1788, CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826, CVE-2021-1844, CVE-2021-1871, CVE-2021-30661, CVE-2021-30666, CVE-2021-30682, CVE-2021-30761, CVE-2021-30762, CVE-2021-30809, CVE-2021-30818, CVE-2021-30823, CVE-2021-30836, CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851, CVE-2021-30858, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897

IAVA: 2021-A-0126-S, 2021-A-0202-S, 2021-A-0251-S, 2021-A-0414-S, 2021-A-0437-S, 2021-A-0505-S

SuSE: SUSE-SU-2022:0182-2