Hello,
I am having a problem with evolution. I recently installed Leap 15.5, and when I first started evolution I couldn’t read the body of the emails. After looking around I found this bug:1216778 – Unable to read the text of emails in Evolution. So after going around in circles I actually *read the information and learned that I had to downgrade a package, or a few. I did that and it worked. Unfortunately when I do an Online Update I get a cue to install the same packages and in fact the patch which has been used to fix the problem, as is described in the patch description. When I install that or allow it to be installed, it breaks evolution again. From Yast> Online Update > Patches: Recommended Update for Webkit2gtk3,
openSUSE-SLE-15.5-2023-4474 - Recommended update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
- Rendering of e-mails in Evolution is blank when using the proprietary NVIDIA driver (bsc#1216778)
References:
1216778 (bugzilla) : Unable to read the text of emails in Evolution
ALSO there a number of Security Updates that are there: Security update for Webkit2gtk3 (there are three of these),
#1
openSUSE-SLE-15.5-2023-4828 - Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Update to version 2.42.3 (bsc#1217844):
Fix flickering while playing videos with DMA-BUF sink.
Fix color picker being triggered in the inspector when typing “tan”.
Do not special case the “sans” font family name.
Fix build failure with libxml2 version 2.12.0 due to an API change.
Fix several crashes and rendering issues.
Security fixes: CVE-2023-42916, CVE-2023-42917.
References:
- 1217844 (bugzilla) : VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0011
- CVE-2023-42917 (cve) : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42917
- CVE-2023-42916 (cve) : CVE - CVE-2023-42916
#2
openSUSE-SLE-15.5-2023-4561 - Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Update to version 2.42.2 (bsc#1217210):
CVE-2023-41983: Processing web content may lead to a denial-of-service.
CVE-2023-42852: Processing web content may lead to arbitrary code execution.
Already previously fixed:
CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4).
CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0).
CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4).
CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4).
CVE-2023-32359: A user’s password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0).
References:
- 1217210 (bugzilla) : VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0010
- CVE-2023-41983 (cve) : CVE - CVE-2023-41983
- CVE-2023-42852 (cve) : CVE - CVE-2023-42852
- CVE-2022-32919 (cve) : CVE - CVE-2022-32919
- CVE-2022-32933 (cve) : CVE - CVE-2022-32933
- CVE-2022-46705 (cve) : CVE - CVE-2022-46705
- CVE-2022-46725 (cve) : CVE - CVE-2022-46725
- CVE-2023-32359 (cve) : CVE - CVE-2023-32359
#3
openSUSE-SLE-15.5-2023-4294 - Security update for webkit2gtk3
This update for webkit2gtk3 ships missing Lang packages to SUSE Linux Enterprise 15 SP4 and SP5.
Security fixes:
- CVE-2023-41993: Fixed an issue where processing malicious web
content could have lead to arbitrary code execution (bsc#1215661).
- CVE-2023-39928: Fixed a use-after-free that could be exploited to
execute arbitrary code when visiting a malicious webpage (bsc#1215868).
- CVE-2023-41074: Fixed an issue where processing malicious web
content could have lead to arbitrary code execution (bsc#1215870).
Other fixes:
- Fixed missing package dependencies (bsc#1215072).
References:
- 1216483 (bugzilla) : VUL-0: webkit2gtk3: regression in security fix
- 1214835 (bugzilla) : 15.5 patch cant get handled automatically? - openSUSE-SLE-15.5-2023-3413-1
- 1214640 (bugzilla) : Dependency issue with WebKit2GTK in patch:openSUSE-SLE-15.4-2023-3419-1.noarch
- 1214093 (bugzilla) : openSUSE-SLE-15.4-2023-3233 fails to install due to missing libwebkit2gtk3 = 2.40.5
- 1215661 (bugzilla) : VUL-0: CVE-2023-41993: webkit2gtk3,libqt5-qtwebkit,libQtWebKit4,webkitgtk: processing malicious web content may lead to arbitrary code execution
- 1215868 (bugzilla) : VUL-0: CVE-2023-39928: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports
- 1215870 (bugzilla) : VUL-0: CVE-2023-41074: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009
- 1215072 (bugzilla) : error when starting emacs, because dependency missing to wayland package.
- 1215866 (bugzilla) : VUL-0: CVE-2023-35074: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009
- 1215867 (bugzilla) : VUL-0: CVE-2023-39434: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009
- 1215869 (bugzilla) : VUL-0: CVE-2023-40451: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009
- CVE-2023-41993 (cve) : CVE - CVE-2023-41993
- CVE-2023-39928 (cve) : CVE - CVE-2023-39928
- CVE-2023-41074 (cve) : CVE - CVE-2023-41074
- CVE-2023-39434 (cve) : CVE - CVE-2023-39434
- CVE-2023-40451 (cve) : CVE - CVE-2023-40451
- CVE-2023-35074 (cve) : CVE - CVE-2023-35074
There are 4 packages that are marked to be updated.
#1 version 2.40.5-150400.4.51.1 installed, current version 2.42.3-150400.4.67.1
WebKitGTK-4.0-lang - Translations for package webkit2gtk3-soup2
Provides translations for the “webkit2gtk3-soup2” package.
#2 version 2.40.5-150400.4.51.1 installed, current version 2.42.3-150400.4.67.1
libjavascriptcoregtk-4_0-18 - JavaScript Core Engine, GTK+ Port
WebKit is a web content engine, derived from KHTML and KJS from KDE, and used primarily in Apple’s Safari browser. It is made to be embedded in other applications, such as mail readers, or web browsers.
It is able to display content such as HTML, SVG, XML, and others. It also supports DOM,
XMLHttpRequest, XSLT, CSS, Javascript/ECMAscript and more
#3 version 2.40.5-150400.4.51.1 installed, current version 2.42.3-150400.4.67.1
libwebkit2gtk-4_0-37 - Library for rendering web content, GTK+ Port
WebKit is a web content engine, derived from KHTML and KJS from KDE, and used primarily in Apple’s Safari browser. It is made to be embedded in other applications, such as mail readers, or web browsers.
It is able to display content such as HTML, SVG, XML, and others. It also supports DOM, XMLHttpRequest, XSLT, CSS, Javascript/ECMAscript and more.
#4 version 2.40.5-150400.4.51.1 installed, current version 2.42.3-150400.4.67.1
webkit2gtk-4_0-injected-bundles - Injected bundles for webkit2gtk3-soup2
WebKit is a web content engine, derived from KHTML and KJS from KDE, and used primarily in Apple’s Safari browser. It is made to be embedded in other applications, such as mail readers, or web browsers.
It is able to display content such as HTML, SVG, XML, and others. It also supports DOM, XMLHttpRequest, XSLT, CSS, Javascript/ECMAscript and more.