Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Important: webkit2gtk3 security and bug fix update

Related Vulnerabilities: CVE-2022-32886   CVE-2022-32888   CVE-2022-32923   CVE-2022-42799   CVE-2022-42823   CVE-2022-42824   CVE-2022-42826   CVE-2022-42852   CVE-2022-42863   CVE-2022-42867   CVE-2022-46691   CVE-2022-46692   CVE-2022-46698   CVE-2022-46699   CVE-2022-46700   CVE-2023-23517   CVE-2023-23518   CVE-2023-25358   CVE-2023-25360   CVE-2023-25361   CVE-2023-25362   CVE-2023-25363  

Source

Synopsis

Important: webkit2gtk3 security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

  • webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826)
  • webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517)
  • webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518)
  • webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886)
  • webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888)
  • webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923)
  • webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)
  • webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823)
  • webkitgtk: sensitive information disclosure issue (CVE-2022-42824)
  • webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852)
  • webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863)
  • webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867)
  • webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691)
  • webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)
  • webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698)
  • webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699)
  • webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700)
  • webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358)
  • webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360)
  • webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361)
  • webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)
  • webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2127468 - Upgrade WebKitGTK for RHEL 8.8
  • BZ - 2128643 - CVE-2022-32886 webkitgtk: buffer overflow issue was addressed with improved memory handling
  • BZ - 2140501 - CVE-2022-32888 webkitgtk: out-of-bounds write issue was addressed with improved bounds checking
  • BZ - 2140502 - CVE-2022-32923 webkitgtk: correctness issue in the JIT was addressed with improved checks
  • BZ - 2140503 - CVE-2022-42799 webkitgtk: issue was addressed with improved UI handling
  • BZ - 2140504 - CVE-2022-42824 webkitgtk: sensitive information disclosure issue
  • BZ - 2140505 - CVE-2022-42823 webkitgtk: type confusion issue leading to arbitrary code execution
  • BZ - 2150970 - Can't create Google account
  • BZ - 2156986 - CVE-2022-42852 webkitgtk: memory disclosure issue was addressed with improved memory handling
  • BZ - 2156987 - CVE-2022-42863 webkitgtk: memory corruption issue leading to arbitrary code execution
  • BZ - 2156989 - CVE-2022-42867 webkitgtk: use-after-free issue leading to arbitrary code execution
  • BZ - 2156990 - CVE-2022-46691 webkitgtk: memory corruption issue leading to arbitrary code execution
  • BZ - 2156991 - CVE-2022-46692 webkitgtk: Same Origin Policy bypass issue
  • BZ - 2156992 - CVE-2022-46698 webkitgtk: logic issue leading to user information disclosure
  • BZ - 2156993 - CVE-2022-46699 webkitgtk: memory corruption issue leading to arbitrary code execution
  • BZ - 2156994 - CVE-2022-46700 webkitgtk: memory corruption issue leading to arbitrary code execution
  • BZ - 2167715 - CVE-2023-23518 webkitgtk: memory corruption issue leading to arbitrary code execution
  • BZ - 2167716 - CVE-2022-42826 webkitgtk: use-after-free issue leading to arbitrary code execution
  • BZ - 2167717 - CVE-2023-23517 webkitgtk: memory corruption issue leading to arbitrary code execution
  • BZ - 2175099 - CVE-2023-25358 webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()
  • BZ - 2175101 - CVE-2023-25360 webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer()
  • BZ - 2175103 - CVE-2023-25361 webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling()
  • BZ - 2175105 - CVE-2023-25362 webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps()
  • BZ - 2175107 - CVE-2023-25363 webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags()

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started