A webkit2gtk3 security and bug fix update has been released for AlmaLinux 8.
ALSA-2023:2834 Important: webkit2gtk3 security and bug fix update
Type:
security
Severity:
important
Release date:
2023-05-19
Description
Security Fix(es):
* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518)
* webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886)
* webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888)
* webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923)
* webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)
* webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823)
* webkitgtk: sensitive information disclosure issue (CVE-2022-42824)
* webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863)
* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691)
* webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)
* webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
RHSA-2023:2834
CVE-2022-32886
CVE-2022-32888
CVE-2022-32923
CVE-2022-42799
CVE-2022-42823
CVE-2022-42824
CVE-2022-42826
CVE-2022-42852
CVE-2022-42863
CVE-2022-42867
CVE-2022-46691
CVE-2022-46692
CVE-2022-46698
CVE-2022-46699
CVE-2022-46700
CVE-2023-23517
CVE-2023-23518
CVE-2023-25358
CVE-2023-25360
CVE-2023-25361
CVE-2023-25362
CVE-2023-25363
ALSA-2023:2834
Updates packages:
webkit2gtk3-jsc-devel-2.38.5-1.el8.i686.rpm
webkit2gtk3-devel-2.38.5-1.el8.i686.rpm
webkit2gtk3-2.38.5-1.el8.i686.rpm
webkit2gtk3-jsc-2.38.5-1.el8.i686.rpm
webkit2gtk3-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-jsc-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-devel-2.38.5-1.el8.x86_64.rpm
webkit2gtk3-devel-2.38.5-1.el8.s390x.rpm
webkit2gtk3-jsc-2.38.5-1.el8.s390x.rpm
webkit2gtk3-2.38.5-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.s390x.rpm
webkit2gtk3-devel-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-jsc-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-2.38.5-1.el8.aarch64.rpm
webkit2gtk3-jsc-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el8.ppc64le.rpm
webkit2gtk3-devel-2.38.5-1.el8.ppc64le.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2023:2834 Important: webkit2gtk3 security and bug fix update