Impact of webkit2gtk3 vulnerability on AutoSys

Article ID: 436370

Products

Autosys Workload Automation

Issue/Introduction

Vulnerability scanners (such as Nessus or Qualys) may report high-severity security findings on Linux servers hosting AutoSys components. A common example is **Vulnerability ID 761878** (SUSE-SU-2026:1150-1) related to `webkit2gtk3`.

These packages are often installed by default as part of a standard OS build or graphical desktop environment but may not be updated during standard application patching cycles.

Environment

Product: AutoSys Workload Automation
Component: Scheduler, Application Server, Web UI (WCC), Embedded Entitlements Manager (EEM)
Operating System: Linux (SUSE Enterprise Linux 15, RHEL, etc.)

Cause

AutoSys and its core security component, CA Embedded Entitlements Manager (EEM), are console-based or web-based applications. They do not utilize graphical desktop libraries or GNOME-based utilities for their core operations. The vulnerability exists in OS-level packages that were included in the server's original image but are not dependencies for AutoSys.

Resolution

It has been confirmed that AutoSys does not require `webkit2gtk3` or its associated graphical libraries. These packages can be safely removed to remediate security findings.

Impacted Package List
The following packages (and their variations) are typically identified as unneeded for AutoSys operations:

  • libgoa-backend-1_0-1
  • libjavascriptcoregtk-4_0-18
  • libmutter0
  • libwebkit2gtk-4_0-37
  • libyelp0
  • mutter
  • mutter-data
  • mutter-lang
  • typelib-1_0-JavaScriptCore-4_0
  • typelib-1_0-WebKit2-4_0
  • webkit2gtk-4_0-injected-bundles
  • yelp
  • yelp-lang
  • yelp-xsl
  • zenity
  • zenity-lang

Remediation Steps

  1. Verify Dependencies:
    Before removal, verify if any other non-AutoSys third-party applications on the server require these libraries.
    Review this command before running it:

    rpm -q --whatrequires <package_name>

    (Repeat for other critical packages to ensure no OS-specific tools require them.)

  2. Remove Packages from a lower environment:
    This command will make changes to your system. Review it carefully before running.

    Example for SUSE (zypper); on RHEL, use the equivalent yum/dnf command:

    zypper remove libwebkit2gtk-4_0-37 zenity yelp

  3. Validate AutoSys Health:
    After removal, restart AutoSys services and monitor the `event_demon` and `as_server` logs to ensure normal operation.

  4. Promote to Production:
    Once validated in a lower environment, proceed with the removal on Production servers following your standard change management process.
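
A read-only sketch of the step 1 dependency check run across the whole package list, added here as an example and not part of the original article or the product's tooling. It goes one step beyond the per-package command: it queries every capability each package provides, because RPM records shared-library dependencies against the soname capability rather than the package name. The names `PKGS`, `in_list`, `external_requirers` and `report` are assumptions chosen for this sketch.

```shell
#!/bin/sh
# Added example: read-only pre-removal check. It queries the RPM database only.
# Package names are the article's list; PKGS, in_list, external_requirers and
# report are names chosen for this sketch.
PKGS="libgoa-backend-1_0-1 libjavascriptcoregtk-4_0-18 libmutter0"
PKGS="$PKGS libwebkit2gtk-4_0-37 libyelp0 mutter mutter-data mutter-lang"
PKGS="$PKGS typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0"
PKGS="$PKGS webkit2gtk-4_0-injected-bundles yelp yelp-lang yelp-xsl"
PKGS="$PKGS zenity zenity-lang"

# True if name $1 appears in the space-separated list $2.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Print installed packages outside PKGS that require any capability provided
# by package $1 (shared-library sonames included, not just the package name).
external_requirers() {
    rpm -q --provides "$1" 2>/dev/null | while read -r cap _rest; do
        # rpm exits non-zero when nothing requires the capability.
        reqs=$(rpm -q --whatrequires --qf '%{NAME}\n' "$cap" 2>/dev/null) || continue
        for r in $reqs; do
            in_list "$r" "$PKGS" || echo "$r"
        done
    done | sort -u
}

# One line per installed package from PKGS; returns 1 if any is BLOCKED.
report() {
    rc=0
    for pkg in $PKGS; do
        rpm -q "$pkg" >/dev/null 2>&1 || continue   # not installed, skip
        ext=$(external_requirers "$pkg" | tr '\n' ' ')
        if [ -n "$ext" ]; then
            echo "BLOCKED $pkg <- ${ext% }"
            rc=1
        else
            echo "SAFE $pkg"
        fi
    done
    return "$rc"
}

# Run only where rpm exists.
if command -v rpm >/dev/null 2>&1; then
    report || echo "Resolve BLOCKED entries before removing anything." >&2
fi
```

A `BLOCKED` line names the packages outside the removal list that still depend on that library; packages that only depend on each other within the list are reported as `SAFE`.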