Red Hat Security Advisory 2023-7055-01

Red Hat Security Advisory 2023-7055-01: Posted Nov 15, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-7055-01 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Issues addressed include bypass, code execution, and use-after-free vulnerabilities.; tags | advisory, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2022-32885; SHA-256 | 0c9bffef7baf9bec550218d430a40caa1b746a78f2b4e3b720ad6e5925cd0993; Download | Favorite | View

Red Hat Security Advisory 2023-7055-01



The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7055.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff




====================================================================
Red Hat Security Advisory

Synopsis:           Important: webkit2gtk3 security and bug fix update
Advisory ID:        RHSA-2023:7055-01
Product:            Red Hat Enterprise Linux
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7055
Issue date:         2023-11-14
Revision:           01
CVE Names:          CVE-2022-32885
====================================================================

Summary: 

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.




Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: arbitrary code execution (CVE-2023-32393)

* webkitgtk: bypass Same Origin Policy (CVE-2023-38572)

* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-38592)

* webkitgtk: arbitrary code execution (CVE-2023-38594)

* webkitgtk: arbitrary code execution (CVE-2023-38595)

* webkitgtk: arbitrary code execution (CVE-2023-38597)

* webkitgtk: arbitrary code execution (CVE-2023-38600)

* webkitgtk: arbitrary code execution (CVE-2023-38611)

* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)

* webkitgtk: Same Origin Policy bypass via crafted web content (CVE-2023-27932)

* webkitgtk: Website may be able to track sensitive user information (CVE-2023-27954)

* webkitgtk: use after free vulnerability (CVE-2023-28198)

* webkitgtk: content security policy blacklist failure (CVE-2023-32370)

* webkitgtk: disclose sensitive information (CVE-2023-38133)

* webkitgtk: track sensitive user information (CVE-2023-38599)

* webkitgtk: processing web content may lead to arbitrary code execution (CVE-2023-39434)

* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)

* webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code (CVE-2023-40451)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.


Solution:

https://access.redhat.com/articles/11258



CVEs:

CVE-2022-32885

References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index
https://bugzilla.redhat.com/show_bug.cgi?id=2176269
https://bugzilla.redhat.com/show_bug.cgi?id=2224608
https://bugzilla.redhat.com/show_bug.cgi?id=2231015
https://bugzilla.redhat.com/show_bug.cgi?id=2231017
https://bugzilla.redhat.com/show_bug.cgi?id=2231018
https://bugzilla.redhat.com/show_bug.cgi?id=2231019
https://bugzilla.redhat.com/show_bug.cgi?id=2231020
https://bugzilla.redhat.com/show_bug.cgi?id=2231021
https://bugzilla.redhat.com/show_bug.cgi?id=2231022
https://bugzilla.redhat.com/show_bug.cgi?id=2231028
https://bugzilla.redhat.com/show_bug.cgi?id=2231043
https://bugzilla.redhat.com/show_bug.cgi?id=2236842
https://bugzilla.redhat.com/show_bug.cgi?id=2236843
https://bugzilla.redhat.com/show_bug.cgi?id=2236844
https://bugzilla.redhat.com/show_bug.cgi?id=2238943
https://bugzilla.redhat.com/show_bug.cgi?id=2238944
https://bugzilla.redhat.com/show_bug.cgi?id=2238945
https://bugzilla.redhat.com/show_bug.cgi?id=2241405
https://bugzilla.redhat.com/show_bug.cgi?id=2241409

Top Authors In Last 30 Days

Red Hat 383 files
Ubuntu 90 files
Debian 27 files
Gentoo 18 files
tmrswrr 12 files
Ph0s 5 files
R0ckE7 5 files
Google Security Research 4 files
Rahad Chowdhury 4 files
Chizuru Toyama 3 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,911)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,839)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,618)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,135)
UNIX (9,339)
UnixWare (187)
Windows (6,606)
Other

Red Hat Security Advisory 2023-7055-01

Red Hat Security Advisory 2023-7055-01

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2023-7055-01

Share This

Red Hat Security Advisory 2023-7055-01

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems