Headline
RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update
An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution
- CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution
- CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution
- CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure
- CVE-2022-26700: webkitgtk: Memory corruption issue leading to arbitrary code execution
- CVE-2022-26709: webkitgtk: Use-after-free leading to arbitrary code execution
- CVE-2022-26710: webkitgtk: Use-after-free leading to arbitrary code execution
- CVE-2022-26716: webkitgtk: Memory corruption issue leading to arbitrary code execution
- CVE-2022-26717: webkitgtk: Use-after-free leading to arbitrary code execution
- CVE-2022-26719: webkitgtk: Memory corruption issue leading to arbitrary code execution
- CVE-2022-30293: webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution
Synopsis
Moderate: webkit2gtk3 security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Security Fix(es):
- webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)
- webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)
- webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)
- webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)
- webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)
- webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)
- webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)
- webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)
- webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)
- webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)
- webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Fixes
- BZ - 2061994 - Upgrade WebKitGTK for RHEL 8.7
- BZ - 2073893 - CVE-2022-22624 webkitgtk: Use-after-free leading to arbitrary code execution
- BZ - 2073896 - CVE-2022-22628 webkitgtk: Use-after-free leading to arbitrary code execution
- BZ - 2073899 - CVE-2022-22629 webkitgtk: Buffer overflow leading to arbitrary code execution
- BZ - 2082548 - CVE-2022-30293 webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution
- BZ - 2092732 - CVE-2022-26700 webkitgtk: Memory corruption issue leading to arbitrary code execution
- BZ - 2092733 - CVE-2022-26709 webkitgtk: Use-after-free leading to arbitrary code execution
- BZ - 2092734 - CVE-2022-26716 webkitgtk: Memory corruption issue leading to arbitrary code execution
- BZ - 2092735 - CVE-2022-26717 webkitgtk: Use-after-free leading to arbitrary code execution
- BZ - 2092736 - CVE-2022-26719 webkitgtk: Memory corruption issue leading to arbitrary code execution
- BZ - 2099334 - Can not play yelp videos
- BZ - 2104787 - CVE-2022-22662 webkitgtk: Cookie management issue leading to sensitive user information disclosure
- BZ - 2104789 - CVE-2022-26710 webkitgtk: Use-after-free leading to arbitrary code execution
CVEs
- CVE-2022-22624
- CVE-2022-22628
- CVE-2022-22629
- CVE-2022-22662
- CVE-2022-26700
- CVE-2022-26709
- CVE-2022-26710
- CVE-2022-26716
- CVE-2022-26717
- CVE-2022-26719
- CVE-2022-30293
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
glib2-2.56.4-159.el8.src.rpm
SHA-256: 506f3e16d1d1859f44778eff3f18f7765b006ee8cc2bbfd5ca52af7100420434
webkit2gtk3-2.36.7-1.el8.src.rpm
SHA-256: 0ce63055058ae2053eda5dfec463eed16e28d6e14edf0851c321dc8ae2be4f86
Related news
Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...
OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information.
An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. W...
Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.
Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.
Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.
Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...
Red Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.
Red Hat Security Advisory 2023-0470-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1).
Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.
An update is now available for Migration Toolkit for Runtimes (v1.0.1). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42920: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitizat...
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...
Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-41912: crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements
Red Hat Security Advisory 2022-8964-01 - The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2022-8938-01 - Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements.
Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: keycloak: path traversal via double URL encoding * CVE-2022-3916: keycloak: Session takeover with OIDC offline refreshtokens
Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.
Openshift Logging Bug Fix Release (5.3.14) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays
Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.
Logging Subsystem 5.5.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-32189: golang: math/b...
Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...
Red Hat Security Advisory 2022-7435-01 - An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Issues addressed include a denial of service vulnerability.
An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays...
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-2022-26700: w...
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.
Ubuntu Security Notice 5522-1 - Several security issues were discovered in WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice 5457-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.
Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.