Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Important: webkit2gtk3 security and bug fix update

Related Vulnerabilities: CVE-2022-32885   CVE-2023-27932   CVE-2023-27954   CVE-2023-28198   CVE-2023-32370   CVE-2023-32393   CVE-2023-38133   CVE-2023-38572   CVE-2023-38592   CVE-2023-38594   CVE-2023-38595   CVE-2023-38597   CVE-2023-38599   CVE-2023-38600   CVE-2023-38611   CVE-2023-39434   CVE-2023-40397   CVE-2023-40451  

Source

Synopsis

Important: webkit2gtk3 security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

  • webkitgtk: arbitrary code execution (CVE-2023-32393)
  • webkitgtk: bypass Same Origin Policy (CVE-2023-38572)
  • webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-38592)
  • webkitgtk: arbitrary code execution (CVE-2023-38594)
  • webkitgtk: arbitrary code execution (CVE-2023-38595)
  • webkitgtk: arbitrary code execution (CVE-2023-38597)
  • webkitgtk: arbitrary code execution (CVE-2023-38600)
  • webkitgtk: arbitrary code execution (CVE-2023-38611)
  • webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
  • webkitgtk: Same Origin Policy bypass via crafted web content (CVE-2023-27932)
  • webkitgtk: Website may be able to track sensitive user information (CVE-2023-27954)
  • webkitgtk: use after free vulnerability (CVE-2023-28198)
  • webkitgtk: content security policy blacklist failure (CVE-2023-32370)
  • webkitgtk: disclose sensitive information (CVE-2023-38133)
  • webkitgtk: track sensitive user information (CVE-2023-38599)
  • webkitgtk: processing web content may lead to arbitrary code execution (CVE-2023-39434)
  • webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
  • webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code (CVE-2023-40451)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2176270 - Upgrade WebKitGTK for RHEL 9.3
  • BZ - 2224608 - CVE-2023-32393 webkitgtk: arbitrary code execution
  • BZ - 2231015 - CVE-2023-38133 webkitgtk: disclose sensitive information
  • BZ - 2231017 - CVE-2023-38592 webkitgtk: Processing web content may lead to arbitrary code execution
  • BZ - 2231018 - CVE-2023-38594 webkitgtk: arbitrary code execution
  • BZ - 2231019 - CVE-2023-38595 webkitgtk: arbitrary code execution
  • BZ - 2231020 - CVE-2023-38599 webkitgtk: track sensitive user information
  • BZ - 2231021 - CVE-2023-38600 webkitgtk: arbitrary code execution
  • BZ - 2231022 - CVE-2023-38611 webkitgtk: arbitrary code execution
  • BZ - 2231028 - CVE-2023-38572 webkitgtk: bypass Same Origin Policy
  • BZ - 2231043 - CVE-2023-38597 webkitgtk: arbitrary code execution
  • BZ - 2236842 - CVE-2022-32885 webkitgtk: Memory corruption issue when processing web content
  • BZ - 2236843 - CVE-2023-27932 webkitgtk: Same Origin Policy bypass via crafted web content
  • BZ - 2236844 - CVE-2023-27954 webkitgtk: Website may be able to track sensitive user information
  • BZ - 2238943 - CVE-2023-28198 webkitgtk: use after free vulnerability
  • BZ - 2238944 - CVE-2023-32370 webkitgtk: content security policy blacklist failure
  • BZ - 2238945 - CVE-2023-40397 webkitgtk: arbitrary javascript code execution
  • BZ - 2241405 - CVE-2023-39434 webkitgtk: processing web content may lead to arbitrary code execution
  • BZ - 2241409 - CVE-2023-40451 webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started