AlmaLinux 2325 Published by

A webkit2gtk3 security and bug fix update has been released for AlmaLinux 8.



ALSA-2022:7704 Moderate: webkit2gtk3 security and bug fix update


Type:
security

Severity:
moderate

Release date:
2022-11-15

Description
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Security Fix(es):
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)
* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)
* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)
* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)
* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)
* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)
* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:
RHSA-2022:7704
CVE-2022-22624
CVE-2022-22628
CVE-2022-22629
CVE-2022-22662
CVE-2022-26700
CVE-2022-26709
CVE-2022-26710
CVE-2022-26716
CVE-2022-26717
CVE-2022-26719
CVE-2022-30293
ALSA-2022:7704

Updates packages:
webkit2gtk3-jsc-devel-2.36.7-1.el8.i686.rpm
webkit2gtk3-2.36.7-1.el8.i686.rpm
webkit2gtk3-jsc-2.36.7-1.el8.i686.rpm
webkit2gtk3-devel-2.36.7-1.el8.i686.rpm
webkit2gtk3-2.36.7-1.el8.ppc64le.rpm
webkit2gtk3-jsc-2.36.7-1.el8.ppc64le.rpm
webkit2gtk3-devel-2.36.7-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8.ppc64le.rpm
webkit2gtk3-2.36.7-1.el8.x86_64.rpm
webkit2gtk3-devel-2.36.7-1.el8.x86_64.rpm
webkit2gtk3-2.36.7-1.el8.s390x.rpm
webkit2gtk3-jsc-2.36.7-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8.s390x.rpm
webkit2gtk3-devel-2.36.7-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8.aarch64.rpm
webkit2gtk3-jsc-2.36.7-1.el8.aarch64.rpm
webkit2gtk3-devel-2.36.7-1.el8.aarch64.rpm
webkit2gtk3-2.36.7-1.el8.aarch64.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2022:7704 Moderate: webkit2gtk3 security and bug fix update