Red Hat Security Advisory 2023-2834-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.
6a679e9dc0d3212115b238f42e43baea6a5e8542be4f1c84823386414d8836cb
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: webkit2gtk3 security and bug fix update
Advisory ID: RHSA-2023:2834-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2834
Issue date: 2023-05-16
CVE Names: CVE-2022-32886 CVE-2022-32888 CVE-2022-32923
CVE-2022-42799 CVE-2022-42823 CVE-2022-42824
CVE-2022-42826 CVE-2022-42852 CVE-2022-42863
CVE-2022-42867 CVE-2022-46691 CVE-2022-46692
CVE-2022-46698 CVE-2022-46699 CVE-2022-46700
CVE-2023-23517 CVE-2023-23518 CVE-2023-25358
CVE-2023-25360 CVE-2023-25361 CVE-2023-25362
CVE-2023-25363
====================================================================
1. Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
Security Fix(es):
* webkitgtk: use-after-free issue leading to arbitrary code execution
(CVE-2022-42826)
* webkitgtk: memory corruption issue leading to arbitrary code execution
(CVE-2023-23517)
* webkitgtk: memory corruption issue leading to arbitrary code execution
(CVE-2023-23518)
* webkitgtk: buffer overflow issue was addressed with improved memory
handling (CVE-2022-32886)
* webkitgtk: out-of-bounds write issue was addressed with improved bounds
checking (CVE-2022-32888)
* webkitgtk: correctness issue in the JIT was addressed with improved
checks (CVE-2022-32923)
* webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)
* webkitgtk: type confusion issue leading to arbitrary code execution
(CVE-2022-42823)
* webkitgtk: sensitive information disclosure issue (CVE-2022-42824)
* webkitgtk: memory disclosure issue was addressed with improved memory
handling (CVE-2022-42852)
* webkitgtk: memory corruption issue leading to arbitrary code execution
(CVE-2022-42863)
* webkitgtk: use-after-free issue leading to arbitrary code execution
(CVE-2022-42867)
* webkitgtk: memory corruption issue leading to arbitrary code execution
(CVE-2022-46691)
* webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)
* webkitgtk: logic issue leading to user information disclosure
(CVE-2022-46698)
* webkitgtk: memory corruption issue leading to arbitrary code execution
(CVE-2022-46699)
* webkitgtk: memory corruption issue leading to arbitrary code execution
(CVE-2022-46700)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()
(CVE-2023-25358)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer()
(CVE-2023-25360)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling()
(CVE-2023-25361)
* webkitgtk: heap-use-after-free in
WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)
* webkitgtk: heap-use-after-free in
WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.8 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2127468 - Upgrade WebKitGTK for RHEL 8.8
2128643 - CVE-2022-32886 webkitgtk: buffer overflow issue was addressed with improved memory handling
2140501 - CVE-2022-32888 webkitgtk: out-of-bounds write issue was addressed with improved bounds checking
2140502 - CVE-2022-32923 webkitgtk: correctness issue in the JIT was addressed with improved checks
2140503 - CVE-2022-42799 webkitgtk: issue was addressed with improved UI handling
2140504 - CVE-2022-42824 webkitgtk: sensitive information disclosure issue
2140505 - CVE-2022-42823 webkitgtk: type confusion issue leading to arbitrary code execution
2150970 - Can't create Google account
2156986 - CVE-2022-42852 webkitgtk: memory disclosure issue was addressed with improved memory handling
2156987 - CVE-2022-42863 webkitgtk: memory corruption issue leading to arbitrary code execution
2156989 - CVE-2022-42867 webkitgtk: use-after-free issue leading to arbitrary code execution
2156990 - CVE-2022-46691 webkitgtk: memory corruption issue leading to arbitrary code execution
2156991 - CVE-2022-46692 webkitgtk: Same Origin Policy bypass issue
2156992 - CVE-2022-46698 webkitgtk: logic issue leading to user information disclosure
2156993 - CVE-2022-46699 webkitgtk: memory corruption issue leading to arbitrary code execution
2156994 - CVE-2022-46700 webkitgtk: memory corruption issue leading to arbitrary code execution
2167715 - CVE-2023-23518 webkitgtk: memory corruption issue leading to arbitrary code execution
2167716 - CVE-2022-42826 webkitgtk: use-after-free issue leading to arbitrary code execution
2167717 - CVE-2023-23517 webkitgtk: memory corruption issue leading to arbitrary code execution
2175099 - CVE-2023-25358 webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()
2175101 - CVE-2023-25360 webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer()
2175103 - CVE-2023-25361 webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling()
2175105 - CVE-2023-25362 webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps()
2175107 - CVE-2023-25363 webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags()
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
webkit2gtk3-2.38.5-1.el8.src.rpm
aarch64:
webkit2gtk3-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-debugsource-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-devel-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-jsc-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.aarch64.rpm
ppc64le:
webkit2gtk3-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-devel-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-jsc-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.ppc64le.rpm
s390x:
webkit2gtk3-2.38.5-1.el8.s390x.rpm
webkit2gtk3-debuginfo-2.38.5-1.el8.s390x.rpm
webkit2gtk3-debugsource-2.38.5-1.el8.s390x.rpm
webkit2gtk3-devel-2.38.5-1.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.s390x.rpm
webkit2gtk3-jsc-2.38.5-1.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.s390x.rpm
x86_64:
webkit2gtk3-2.38.5-1.el8.i686.rpm
webkit2gtk3-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.38.5-1.el8.i686.rpm
webkit2gtk3-debuginfo-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-debugsource-2.38.5-1.el8.i686.rpm
webkit2gtk3-debugsource-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-devel-2.38.5-1.el8.i686.rpm
webkit2gtk3-devel-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-jsc-2.38.5-1.el8.i686.rpm
webkit2gtk3-jsc-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.i686.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-32886
https://access.redhat.com/security/cve/CVE-2022-32888
https://access.redhat.com/security/cve/CVE-2022-32923
https://access.redhat.com/security/cve/CVE-2022-42799
https://access.redhat.com/security/cve/CVE-2022-42823
https://access.redhat.com/security/cve/CVE-2022-42824
https://access.redhat.com/security/cve/CVE-2022-42826
https://access.redhat.com/security/cve/CVE-2022-42852
https://access.redhat.com/security/cve/CVE-2022-42863
https://access.redhat.com/security/cve/CVE-2022-42867
https://access.redhat.com/security/cve/CVE-2022-46691
https://access.redhat.com/security/cve/CVE-2022-46692
https://access.redhat.com/security/cve/CVE-2022-46698
https://access.redhat.com/security/cve/CVE-2022-46699
https://access.redhat.com/security/cve/CVE-2022-46700
https://access.redhat.com/security/cve/CVE-2023-23517
https://access.redhat.com/security/cve/CVE-2023-23518
https://access.redhat.com/security/cve/CVE-2023-25358
https://access.redhat.com/security/cve/CVE-2023-25360
https://access.redhat.com/security/cve/CVE-2023-25361
https://access.redhat.com/security/cve/CVE-2023-25362
https://access.redhat.com/security/cve/CVE-2023-25363
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZGNwwdzjgjWX9erEAQi3tBAAjImojT9z/AQ07EueAkwPWY9qnR++Q8+p
CVRVlNDkP/wfqxA1GthBBKCrholfiWqbk4HWgyoZCN/WaSD0T1I2asc/Y4bbBoc8
U1+0blOxRvZrSKQin22U/XW2wS8xYqBQLRuokwB0VSYhG5H2Q+zVqMp1AncKmTFb
hS9WLdX4e4JDp+WLgvSmr3uDSnAjp67oXdjxtPhE1Buf/MU8GpHfvmQPAFe50HAm
kf50Zf8dQK2XgRgefNBKgNM/xXPOQI+dozNwyNV+XZxOlIQX5N+wyuRVsIWOrOPu
KJkSSugX+FuVAYdNBY0sRxT5kmPao4jUqPPZ8gsHlySCOpRj18IAnuQwEfHoxZKf
xbTlGkhHjqfsCm7M4s/iDuJPd1tiXAJCbxZpPqP5ky6n0qTAq3O65fwFHgp/uGZp
8nmvkD3nuZhEk2GcCkAxUkIqpaYvLqHUX+sH7ujQ0tZNONOYTEVNsMQmCZqNkSVv
CdAnDx4iwR2KtLKamRo5EIVA72lksLTNVz7dFZy497CMcapX5yR7E1c2ht11vQS0
U0tYmvklWwTxqV9QGHnXblEWki631sOfO+Ku87INm5E75RGpzT8lc9LxHgwn4rV5
KQ7/AGQWND349MlDqM6WP/B3JHzxSH/S3uMIlUvcNjqYwqSjv8sjU96SiZaEAtRp
TrPuMTnh/ro=FlQx
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce