Red Hat Security Advisory 2022-1777-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, cross site scripting, information leakage, out of bounds read, and use-after-free vulnerabilities.
1b42edcf15bc395449a2f06f7c24ba1c5002c9b86ced5974af0fc8fe1f4ffeb1-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update
Advisory ID: RHSA-2022:1777-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777
Issue date: 2022-05-10
CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823
CVE-2021-30836 CVE-2021-30846 CVE-2021-30848
CVE-2021-30849 CVE-2021-30851 CVE-2021-30884
CVE-2021-30887 CVE-2021-30888 CVE-2021-30889
CVE-2021-30890 CVE-2021-30897 CVE-2021-30934
CVE-2021-30936 CVE-2021-30951 CVE-2021-30952
CVE-2021-30953 CVE-2021-30954 CVE-2021-30984
CVE-2021-45481 CVE-2021-45482 CVE-2021-45483
CVE-2022-22589 CVE-2022-22590 CVE-2022-22592
CVE-2022-22594 CVE-2022-22620 CVE-2022-22637
=====================================================================
1. Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
The following packages have been upgraded to a later upstream version:
webkit2gtk3 (2.34.6). (BZ#1985042)
Security Fix(es):
* webkitgtk: maliciously crafted web content may lead to arbitrary code
execution due to use after free (CVE-2022-22620)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-30809)
* webkitgtk: Type confusion issue leading to arbitrary code execution
(CVE-2021-30818)
* webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)
* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-30846)
* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-30848)
* webkitgtk: Multiple memory corruption issue leading to arbitrary code
execution (CVE-2021-30849)
* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-30851)
* webkitgtk: Logic issue leading to Content Security Policy bypass
(CVE-2021-30887)
* webkitgtk: Information leak via Content Security Policy reports
(CVE-2021-30888)
* webkitgtk: Buffer overflow leading to arbitrary code execution
(CVE-2021-30889)
* webkitgtk: Logic issue leading to universal cross-site scripting
(CVE-2021-30890)
* webkitgtk: Cross-origin data exfiltration via resource timing API
(CVE-2021-30897)
* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30934)
* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30936)
* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30951)
* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30952)
* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30953)
* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30954)
* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30984)
* webkitgtk: Incorrect memory allocation in
WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)
* webkitgtk: use-after-free in WebCore::ContainerNode::firstChild
(CVE-2021-45482)
* webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)
* webkitgtk: Processing a maliciously crafted mail message may lead to
running arbitrary javascript (CVE-2022-22589)
* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2022-22590)
* webkitgtk: Processing maliciously crafted web content may prevent Content
Security Policy from being enforced (CVE-2022-22592)
* webkitgtk: A malicious website may exfiltrate data cross-origin
(CVE-2022-22594)
* webkitgtk: logic issue was addressed with improved state management
(CVE-2022-22637)
* webkitgtk: Out-of-bounds read leading to memory disclosure
(CVE-2021-30836)
* webkitgtk: CSS compositing issue leading to revealing of the browsing
history (CVE-2021-30884)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.6 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1985042 - Upgrade WebKitGTK for RHEL 8.6
2017898 - CVE-2021-30846 webkitgtk: Memory corruption issue leading to arbitrary code execution
2017901 - CVE-2021-30848 webkitgtk: Memory corruption issue leading to arbitrary code execution
2017904 - CVE-2021-30849 webkitgtk: Multiple memory corruption issue leading to arbitrary code execution
2018573 - CVE-2021-30851 webkitgtk: Memory corruption issue leading to arbitrary code execution
2034347 - CVE-2021-30809 webkitgtk: Use-after-free leading to arbitrary code execution
2034368 - CVE-2021-30818 webkitgtk: Type confusion issue leading to arbitrary code execution
2034373 - CVE-2021-30823 webkitgtk: Logic issue leading to HSTS bypass
2034376 - CVE-2021-30836 webkitgtk: Out-of-bounds read leading to memory disclosure
2034378 - CVE-2021-30884 webkitgtk: CSS compositing issue leading to revealing of the browsing history
2034381 - CVE-2021-30887 webkitgtk: Logic issue leading to Content Security Policy bypass
2034383 - CVE-2021-30888 webkitgtk: Information leak via Content Security Policy reports
2034386 - CVE-2021-30889 webkitgtk: Buffer overflow leading to arbitrary code execution
2034389 - CVE-2021-30890 webkitgtk: Logic issue leading to universal cross-site scripting
2038907 - CVE-2021-30897 webkitgtk: Cross-origin data exfiltration via resource timing API
2040327 - CVE-2021-45481 webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create
2040329 - CVE-2021-45482 webkitgtk: use-after-free in WebCore::ContainerNode::firstChild
2040331 - CVE-2021-45483 webkitgtk: use-after-free in WebCore::Frame::page
2041559 - Doesn't show document with ongoing resources' download immediately
2044521 - CVE-2021-30934 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044528 - CVE-2021-30936 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044534 - CVE-2021-30951 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044538 - CVE-2021-30952 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044542 - CVE-2021-30953 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044551 - CVE-2021-30954 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044553 - CVE-2021-30984 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2045291 - CVE-2022-22594 webkitgtk: A malicious website may exfiltrate data cross-origin
2053179 - CVE-2022-22589 webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript
2053181 - CVE-2022-22590 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2053185 - CVE-2022-22592 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
2056474 - CVE-2022-22620 webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free
2073903 - CVE-2022-22637 webkitgtk: logic issue was addressed with improved state management
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
webkit2gtk3-2.34.6-1.el8.src.rpm
aarch64:
webkit2gtk3-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
ppc64le:
webkit2gtk3-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
s390x:
webkit2gtk3-2.34.6-1.el8.s390x.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm
webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
x86_64:
webkit2gtk3-2.34.6-1.el8.i686.rpm
webkit2gtk3-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-devel-2.34.6-1.el8.i686.rpm
webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-30809
https://access.redhat.com/security/cve/CVE-2021-30818
https://access.redhat.com/security/cve/CVE-2021-30823
https://access.redhat.com/security/cve/CVE-2021-30836
https://access.redhat.com/security/cve/CVE-2021-30846
https://access.redhat.com/security/cve/CVE-2021-30848
https://access.redhat.com/security/cve/CVE-2021-30849
https://access.redhat.com/security/cve/CVE-2021-30851
https://access.redhat.com/security/cve/CVE-2021-30884
https://access.redhat.com/security/cve/CVE-2021-30887
https://access.redhat.com/security/cve/CVE-2021-30888
https://access.redhat.com/security/cve/CVE-2021-30889
https://access.redhat.com/security/cve/CVE-2021-30890
https://access.redhat.com/security/cve/CVE-2021-30897
https://access.redhat.com/security/cve/CVE-2021-30934
https://access.redhat.com/security/cve/CVE-2021-30936
https://access.redhat.com/security/cve/CVE-2021-30951
https://access.redhat.com/security/cve/CVE-2021-30952
https://access.redhat.com/security/cve/CVE-2021-30953
https://access.redhat.com/security/cve/CVE-2021-30954
https://access.redhat.com/security/cve/CVE-2021-30984
https://access.redhat.com/security/cve/CVE-2021-45481
https://access.redhat.com/security/cve/CVE-2021-45482
https://access.redhat.com/security/cve/CVE-2021-45483
https://access.redhat.com/security/cve/CVE-2022-22589
https://access.redhat.com/security/cve/CVE-2022-22590
https://access.redhat.com/security/cve/CVE-2022-22592
https://access.redhat.com/security/cve/CVE-2022-22594
https://access.redhat.com/security/cve/CVE-2022-22620
https://access.redhat.com/security/cve/CVE-2022-22637
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYnqQrdzjgjWX9erEAQi/6BAAhaqaCDj0g7uJ6LdXEng5SqGBFl5g6GIV
p/WSKyL+tI3BpKaaUWr6+d4tNnaQbKxhRTwTSJa8GMrOc7n6Y7LO8Y7mQj3bEFvn
z3HHLZK8EMgDUz4I0esuh0qNWnfsD/vJDuGbXlHLdNLlc5XzgX7YA6eIb1lxSbxV
ueSENHohbMJLbWoeI2gMUYGb5cAzBHrgdmFIsr4XUd6sr5Z1ZOPnQPf36vrXGdzj
mPXPijZtr9QiPgwijm4/DkJG7NQ4KyaPMOKauC7PEB1AHWIwHteRnVxnWuZLjpMf
RqYBQu2pYeTiyGky+ozshJ81mdfLyUQBR/+4KbB2TMFZHDlhxzNFZrErh4+dfQja
Cuf+IwTOSZgC/8XouTQMA27KFSYKd4PzwnB3yQeGU0NA/VngYp12BegeVHlDiadS
hO+mAk/BAAesdywt7ZTU1e1yROLm/jp0VcmvkQO+gh2WhErEFV3s0qnsu1dfuLY7
B1e0z6c/vp8lkSFs2fcx0Oq1S7nGIGZiR66loghp03nDoCcxblsxBcFV9CNq6yVG
BkEAFzMb/AHxqn7KbZeN6g4Los+3Dr7eFYPGUkVEXy+AbHqE+b99pT2TIjCOMh/L
wXOE+nX3KXbD5MCqvmF2K6w+MfIf3AxzzgirwXyLewSP8NKBmsdBtgwbgFam1QfM
Uqt+dghxtOQ=
=LCNn
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed