RedHat: RHSA-2023-2834:01 Important: webkit2gtk3
Summary
WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
Security Fix(es):
* webkitgtk: use-after-free issue leading to arbitrary code execution
(CVE-2022-42826)
* webkitgtk: memory corruption issue leading to arbitrary code execution
(CVE-2023-23517)
* webkitgtk: memory corruption issue leading to arbitrary code execution
(CVE-2023-23518)
* webkitgtk: buffer overflow issue was addressed with improved memory
handling (CVE-2022-32886)
* webkitgtk: out-of-bounds write issue was addressed with improved bounds
checking (CVE-2022-32888)
* webkitgtk: correctness issue in the JIT was addressed with improved
checks (CVE-2022-32923)
* webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)
* webkitgtk: type confusion issue leading to arbitrary code execution
(CVE-2022-42823)
* webkitgtk: sensitive information disclosure issue (CVE-2022-42824)
* webkitgtk: memory disclosure issue was addressed with improved memory
handling (CVE-2022-42852)
* webkitgtk: memory corruption issue leading to arbitrary code execution
(CVE-2022-42863)
* webkitgtk: use-after-free issue leading to arbitrary code execution
(CVE-2022-42867)
* webkitgtk: memory corruption issue leading to arbitrary code execution
(CVE-2022-46691)
* webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)
* webkitgtk: logic issue leading to user information disclosure
(CVE-2022-46698)
* webkitgtk: memory corruption issue leading to arbitrary code execution
(CVE-2022-46699)
* webkitgtk: memory corruption issue leading to arbitrary code execution
(CVE-2022-46700)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()
(CVE-2023-25358)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer()
(CVE-2023-25360)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling()
(CVE-2023-25361)
* webkitgtk: heap-use-after-free in
WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)
* webkitgtk: heap-use-after-free in
WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.8 Release Notes linked from the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2022-32886 https://access.redhat.com/security/cve/CVE-2022-32888 https://access.redhat.com/security/cve/CVE-2022-32923 https://access.redhat.com/security/cve/CVE-2022-42799 https://access.redhat.com/security/cve/CVE-2022-42823 https://access.redhat.com/security/cve/CVE-2022-42824 https://access.redhat.com/security/cve/CVE-2022-42826 https://access.redhat.com/security/cve/CVE-2022-42852 https://access.redhat.com/security/cve/CVE-2022-42863 https://access.redhat.com/security/cve/CVE-2022-42867 https://access.redhat.com/security/cve/CVE-2022-46691 https://access.redhat.com/security/cve/CVE-2022-46692 https://access.redhat.com/security/cve/CVE-2022-46698 https://access.redhat.com/security/cve/CVE-2022-46699 https://access.redhat.com/security/cve/CVE-2022-46700 https://access.redhat.com/security/cve/CVE-2023-23517 https://access.redhat.com/security/cve/CVE-2023-23518 https://access.redhat.com/security/cve/CVE-2023-25358 https://access.redhat.com/security/cve/CVE-2023-25360 https://access.redhat.com/security/cve/CVE-2023-25361 https://access.redhat.com/security/cve/CVE-2023-25362 https://access.redhat.com/security/cve/CVE-2023-25363 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
Package List
Red Hat Enterprise Linux AppStream (v. 8):
Source:
webkit2gtk3-2.38.5-1.el8.src.rpm
aarch64:
webkit2gtk3-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-debugsource-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-devel-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-jsc-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.aarch64.rpm
ppc64le:
webkit2gtk3-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-devel-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-jsc-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.ppc64le.rpm
s390x:
webkit2gtk3-2.38.5-1.el8.s390x.rpm
webkit2gtk3-debuginfo-2.38.5-1.el8.s390x.rpm
webkit2gtk3-debugsource-2.38.5-1.el8.s390x.rpm
webkit2gtk3-devel-2.38.5-1.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.s390x.rpm
webkit2gtk3-jsc-2.38.5-1.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.s390x.rpm
x86_64:
webkit2gtk3-2.38.5-1.el8.i686.rpm
webkit2gtk3-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.38.5-1.el8.i686.rpm
webkit2gtk3-debuginfo-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-debugsource-2.38.5-1.el8.i686.rpm
webkit2gtk3-debugsource-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-devel-2.38.5-1.el8.i686.rpm
webkit2gtk3-devel-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-jsc-2.38.5-1.el8.i686.rpm
webkit2gtk3-jsc-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.i686.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Bugs Fixed
2127468 - Upgrade WebKitGTK for RHEL 8.8
2128643 - CVE-2022-32886 webkitgtk: buffer overflow issue was addressed with improved memory handling
2140501 - CVE-2022-32888 webkitgtk: out-of-bounds write issue was addressed with improved bounds checking
2140502 - CVE-2022-32923 webkitgtk: correctness issue in the JIT was addressed with improved checks
2140503 - CVE-2022-42799 webkitgtk: issue was addressed with improved UI handling
2140504 - CVE-2022-42824 webkitgtk: sensitive information disclosure issue
2140505 - CVE-2022-42823 webkitgtk: type confusion issue leading to arbitrary code execution
2150970 - Can't create Google account
2156986 - CVE-2022-42852 webkitgtk: memory disclosure issue was addressed with improved memory handling
2156987 - CVE-2022-42863 webkitgtk: memory corruption issue leading to arbitrary code execution
2156989 - CVE-2022-42867 webkitgtk: use-after-free issue leading to arbitrary code execution
2156990 - CVE-2022-46691 webkitgtk: memory corruption issue leading to arbitrary code execution
2156991 - CVE-2022-46692 webkitgtk: Same Origin Policy bypass issue
2156992 - CVE-2022-46698 webkitgtk: logic issue leading to user information disclosure
2156993 - CVE-2022-46699 webkitgtk: memory corruption issue leading to arbitrary code execution
2156994 - CVE-2022-46700 webkitgtk: memory corruption issue leading to arbitrary code execution
2167715 - CVE-2023-23518 webkitgtk: memory corruption issue leading to arbitrary code execution
2167716 - CVE-2022-42826 webkitgtk: use-after-free issue leading to arbitrary code execution
2167717 - CVE-2023-23517 webkitgtk: memory corruption issue leading to arbitrary code execution
2175099 - CVE-2023-25358 webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()
2175101 - CVE-2023-25360 webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer()
2175103 - CVE-2023-25361 webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling()
2175105 - CVE-2023-25362 webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps()
2175107 - CVE-2023-25363 webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags()