RHSA-2023:0021: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-42856: webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution
Issued: 2023-01-04
Updated: 2023-01-04
RHSA-2023:0021 - Security Advisory
Synopsis
Important: webkit2gtk3 security update
Type/Severity
Security Advisory: Important
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution (CVE-2022-42856)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2153683 - CVE-2022-42856 webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution
Red Hat Enterprise Linux for x86_64 9
SRPM
webkit2gtk3-2.36.7-1.el9_1.1.src.rpm
x86_64
webkit2gtk3-2.36.7-1.el9_1.1.i686.rpm
webkit2gtk3-2.36.7-1.el9_1.1.x86_64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el9_1.1.i686.rpm
webkit2gtk3-debuginfo-2.36.7-1.el9_1.1.x86_64.rpm
webkit2gtk3-debugsource-2.36.7-1.el9_1.1.i686.rpm
webkit2gtk3-debugsource-2.36.7-1.el9_1.1.x86_64.rpm
webkit2gtk3-devel-2.36.7-1.el9_1.1.i686.rpm
webkit2gtk3-devel-2.36.7-1.el9_1.1.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.1.i686.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.1.x86_64.rpm
webkit2gtk3-jsc-2.36.7-1.el9_1.1.i686.rpm
webkit2gtk3-jsc-2.36.7-1.el9_1.1.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.1.i686.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.1.x86_64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.1.i686.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.1.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.1.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
webkit2gtk3-2.36.7-1.el9_1.1.src.rpm
s390x
webkit2gtk3-2.36.7-1.el9_1.1.s390x.rpm
webkit2gtk3-debuginfo-2.36.7-1.el9_1.1.s390x.rpm
webkit2gtk3-debugsource-2.36.7-1.el9_1.1.s390x.rpm
webkit2gtk3-devel-2.36.7-1.el9_1.1.s390x.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.1.s390x.rpm
webkit2gtk3-jsc-2.36.7-1.el9_1.1.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.1.s390x.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.1.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.1.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
webkit2gtk3-2.36.7-1.el9_1.1.src.rpm
ppc64le
webkit2gtk3-2.36.7-1.el9_1.1.ppc64le.rpm
webkit2gtk3-debuginfo-2.36.7-1.el9_1.1.ppc64le.rpm
webkit2gtk3-debugsource-2.36.7-1.el9_1.1.ppc64le.rpm
webkit2gtk3-devel-2.36.7-1.el9_1.1.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.1.ppc64le.rpm
webkit2gtk3-jsc-2.36.7-1.el9_1.1.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.1.ppc64le.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.1.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.1.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
webkit2gtk3-2.36.7-1.el9_1.1.src.rpm
aarch64
webkit2gtk3-2.36.7-1.el9_1.1.aarch64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el9_1.1.aarch64.rpm
webkit2gtk3-debugsource-2.36.7-1.el9_1.1.aarch64.rpm
webkit2gtk3-devel-2.36.7-1.el9_1.1.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.1.aarch64.rpm
webkit2gtk3-jsc-2.36.7-1.el9_1.1.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.1.aarch64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.1.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.1.aarch64.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.