Red Hat 9062 Published by

A webkit2gtk3 security, bug fix, and enhancement update has been released for Red Hat Enterprise Linux 8.



RHSA-2022:1777-01: Moderate: webkit2gtk3 security, bug fix, and enhancement update



=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update
Advisory ID: RHSA-2022:1777-01
Product: Red Hat Enterprise Linux
Advisory URL:   https://access.redhat.com/errata/RHSA-2022:1777
Issue date: 2022-05-10
CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823
CVE-2021-30836 CVE-2021-30846 CVE-2021-30848
CVE-2021-30849 CVE-2021-30851 CVE-2021-30884
CVE-2021-30887 CVE-2021-30888 CVE-2021-30889
CVE-2021-30890 CVE-2021-30897 CVE-2021-30934
CVE-2021-30936 CVE-2021-30951 CVE-2021-30952
CVE-2021-30953 CVE-2021-30954 CVE-2021-30984
CVE-2021-45481 CVE-2021-45482 CVE-2021-45483
CVE-2022-22589 CVE-2022-22590 CVE-2022-22592
CVE-2022-22594 CVE-2022-22620 CVE-2022-22637
=====================================================================

1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.

The following packages have been upgraded to a later upstream version:
webkit2gtk3 (2.34.6). (BZ#1985042)

Security Fix(es):

* webkitgtk: maliciously crafted web content may lead to arbitrary code
execution due to use after free (CVE-2022-22620)

* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-30809)

* webkitgtk: Type confusion issue leading to arbitrary code execution
(CVE-2021-30818)

* webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)

* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-30846)

* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-30848)

* webkitgtk: Multiple memory corruption issue leading to arbitrary code
execution (CVE-2021-30849)

* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-30851)

* webkitgtk: Logic issue leading to Content Security Policy bypass
(CVE-2021-30887)

* webkitgtk: Information leak via Content Security Policy reports
(CVE-2021-30888)

* webkitgtk: Buffer overflow leading to arbitrary code execution
(CVE-2021-30889)

* webkitgtk: Logic issue leading to universal cross-site scripting
(CVE-2021-30890)

* webkitgtk: Cross-origin data exfiltration via resource timing API
(CVE-2021-30897)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30934)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30936)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30951)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30952)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30953)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30954)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30984)

* webkitgtk: Incorrect memory allocation in
WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)

* webkitgtk: use-after-free in WebCore::ContainerNode::firstChild
(CVE-2021-45482)

* webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)

* webkitgtk: Processing a maliciously crafted mail message may lead to
running arbitrary javascript (CVE-2022-22589)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2022-22590)

* webkitgtk: Processing maliciously crafted web content may prevent Content
Security Policy from being enforced (CVE-2022-22592)

* webkitgtk: A malicious website may exfiltrate data cross-origin
(CVE-2022-22594)

* webkitgtk: logic issue was addressed with improved state management
(CVE-2022-22637)

* webkitgtk: Out-of-bounds read leading to memory disclosure
(CVE-2021-30836)

* webkitgtk: CSS compositing issue leading to revealing of the browsing
history (CVE-2021-30884)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

  https://access.redhat.com/articles/11258

5. Bugs fixed (  https://bugzilla.redhat.com/):

1985042 - Upgrade WebKitGTK for RHEL 8.6
2017898 - CVE-2021-30846 webkitgtk: Memory corruption issue leading to arbitrary code execution
2017901 - CVE-2021-30848 webkitgtk: Memory corruption issue leading to arbitrary code execution
2017904 - CVE-2021-30849 webkitgtk: Multiple memory corruption issue leading to arbitrary code execution
2018573 - CVE-2021-30851 webkitgtk: Memory corruption issue leading to arbitrary code execution
2034347 - CVE-2021-30809 webkitgtk: Use-after-free leading to arbitrary code execution
2034368 - CVE-2021-30818 webkitgtk: Type confusion issue leading to arbitrary code execution
2034373 - CVE-2021-30823 webkitgtk: Logic issue leading to HSTS bypass
2034376 - CVE-2021-30836 webkitgtk: Out-of-bounds read leading to memory disclosure
2034378 - CVE-2021-30884 webkitgtk: CSS compositing issue leading to revealing of the browsing history
2034381 - CVE-2021-30887 webkitgtk: Logic issue leading to Content Security Policy bypass
2034383 - CVE-2021-30888 webkitgtk: Information leak via Content Security Policy reports
2034386 - CVE-2021-30889 webkitgtk: Buffer overflow leading to arbitrary code execution
2034389 - CVE-2021-30890 webkitgtk: Logic issue leading to universal cross-site scripting
2038907 - CVE-2021-30897 webkitgtk: Cross-origin data exfiltration via resource timing API
2040327 - CVE-2021-45481 webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create
2040329 - CVE-2021-45482 webkitgtk: use-after-free in WebCore::ContainerNode::firstChild
2040331 - CVE-2021-45483 webkitgtk: use-after-free in WebCore::Frame::page
2041559 - Doesn't show document with ongoing resources' download immediately
2044521 - CVE-2021-30934 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044528 - CVE-2021-30936 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044534 - CVE-2021-30951 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044538 - CVE-2021-30952 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044542 - CVE-2021-30953 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044551 - CVE-2021-30954 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044553 - CVE-2021-30984 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2045291 - CVE-2022-22594 webkitgtk: A malicious website may exfiltrate data cross-origin
2053179 - CVE-2022-22589 webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript
2053181 - CVE-2022-22590 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2053185 - CVE-2022-22592 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
2056474 - CVE-2022-22620 webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free
2073903 - CVE-2022-22637 webkitgtk: logic issue was addressed with improved state management

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
webkit2gtk3-2.34.6-1.el8.src.rpm

aarch64:
webkit2gtk3-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm

ppc64le:
webkit2gtk3-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm

s390x:
webkit2gtk3-2.34.6-1.el8.s390x.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm
webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm

x86_64:
webkit2gtk3-2.34.6-1.el8.i686.rpm
webkit2gtk3-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-devel-2.34.6-1.el8.i686.rpm
webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
  https://access.redhat.com/security/team/key/

7. References:

  https://access.redhat.com/security/cve/CVE-2021-30809
  https://access.redhat.com/security/cve/CVE-2021-30818
  https://access.redhat.com/security/cve/CVE-2021-30823
  https://access.redhat.com/security/cve/CVE-2021-30836
  https://access.redhat.com/security/cve/CVE-2021-30846
  https://access.redhat.com/security/cve/CVE-2021-30848
  https://access.redhat.com/security/cve/CVE-2021-30849
  https://access.redhat.com/security/cve/CVE-2021-30851
  https://access.redhat.com/security/cve/CVE-2021-30884
  https://access.redhat.com/security/cve/CVE-2021-30887
  https://access.redhat.com/security/cve/CVE-2021-30888
  https://access.redhat.com/security/cve/CVE-2021-30889
  https://access.redhat.com/security/cve/CVE-2021-30890
  https://access.redhat.com/security/cve/CVE-2021-30897
  https://access.redhat.com/security/cve/CVE-2021-30934
  https://access.redhat.com/security/cve/CVE-2021-30936
  https://access.redhat.com/security/cve/CVE-2021-30951
  https://access.redhat.com/security/cve/CVE-2021-30952
  https://access.redhat.com/security/cve/CVE-2021-30953
  https://access.redhat.com/security/cve/CVE-2021-30954
  https://access.redhat.com/security/cve/CVE-2021-30984
  https://access.redhat.com/security/cve/CVE-2021-45481
  https://access.redhat.com/security/cve/CVE-2021-45482
  https://access.redhat.com/security/cve/CVE-2021-45483
  https://access.redhat.com/security/cve/CVE-2022-22589
  https://access.redhat.com/security/cve/CVE-2022-22590
  https://access.redhat.com/security/cve/CVE-2022-22592
  https://access.redhat.com/security/cve/CVE-2022-22594
  https://access.redhat.com/security/cve/CVE-2022-22620
  https://access.redhat.com/security/cve/CVE-2022-22637
  https://access.redhat.com/security/updates/classification/#moderate
  https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.