vulnerability
SUSE: CVE-2020-13753: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jul 14, 2020 | Jul 22, 2020 | Feb 18, 2022 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jul 14, 2020
Added
Jul 22, 2020
Modified
Feb 18, 2022
Description
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
Solution(s)
suse-upgrade-libjavascriptcoregtk-4_0-18suse-upgrade-libjavascriptcoregtk-4_0-18-32bitsuse-upgrade-libwebkit2gtk-4_0-37suse-upgrade-libwebkit2gtk-4_0-37-32bitsuse-upgrade-libwebkit2gtk3-langsuse-upgrade-typelib-1_0-javascriptcore-4_0suse-upgrade-typelib-1_0-webkit2-4_0suse-upgrade-typelib-1_0-webkit2webextension-4_0suse-upgrade-webkit-jsc-4suse-upgrade-webkit2gtk-4_0-injected-bundlessuse-upgrade-webkit2gtk3-develsuse-upgrade-webkit2gtk3-minibrowser
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.