RHSA-2023:0021: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-42856: webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution
Red Hat Security Data

Issued: 2023-01-04

Updated: 2023-01-04

RHSA-2023:0021 - Security Advisory

Synopsis

Important: webkit2gtk3 security update

Type/Severity

Security Advisory: Important

Topic

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

  • webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution (CVE-2022-42856)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2153683 - CVE-2022-42856 webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution

Red Hat Enterprise Linux for x86_64 9

SRPM

webkit2gtk3-2.36.7-1.el9_1.1.src.rpm

x86_64

webkit2gtk3-2.36.7-1.el9_1.1.i686.rpm

webkit2gtk3-2.36.7-1.el9_1.1.x86_64.rpm

webkit2gtk3-debuginfo-2.36.7-1.el9_1.1.i686.rpm

webkit2gtk3-debuginfo-2.36.7-1.el9_1.1.x86_64.rpm

webkit2gtk3-debugsource-2.36.7-1.el9_1.1.i686.rpm

webkit2gtk3-debugsource-2.36.7-1.el9_1.1.x86_64.rpm

webkit2gtk3-devel-2.36.7-1.el9_1.1.i686.rpm

webkit2gtk3-devel-2.36.7-1.el9_1.1.x86_64.rpm

webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.1.i686.rpm

webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.1.x86_64.rpm

webkit2gtk3-jsc-2.36.7-1.el9_1.1.i686.rpm

webkit2gtk3-jsc-2.36.7-1.el9_1.1.x86_64.rpm

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.1.i686.rpm

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.1.x86_64.rpm

webkit2gtk3-jsc-devel-2.36.7-1.el9_1.1.i686.rpm

webkit2gtk3-jsc-devel-2.36.7-1.el9_1.1.x86_64.rpm

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.1.i686.rpm

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.1.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

webkit2gtk3-2.36.7-1.el9_1.1.src.rpm

s390x

webkit2gtk3-2.36.7-1.el9_1.1.s390x.rpm

webkit2gtk3-debuginfo-2.36.7-1.el9_1.1.s390x.rpm

webkit2gtk3-debugsource-2.36.7-1.el9_1.1.s390x.rpm

webkit2gtk3-devel-2.36.7-1.el9_1.1.s390x.rpm

webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.1.s390x.rpm

webkit2gtk3-jsc-2.36.7-1.el9_1.1.s390x.rpm

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.1.s390x.rpm

webkit2gtk3-jsc-devel-2.36.7-1.el9_1.1.s390x.rpm

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.1.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

webkit2gtk3-2.36.7-1.el9_1.1.src.rpm

ppc64le

webkit2gtk3-2.36.7-1.el9_1.1.ppc64le.rpm

webkit2gtk3-debuginfo-2.36.7-1.el9_1.1.ppc64le.rpm

webkit2gtk3-debugsource-2.36.7-1.el9_1.1.ppc64le.rpm

webkit2gtk3-devel-2.36.7-1.el9_1.1.ppc64le.rpm

webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.1.ppc64le.rpm

webkit2gtk3-jsc-2.36.7-1.el9_1.1.ppc64le.rpm

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.1.ppc64le.rpm

webkit2gtk3-jsc-devel-2.36.7-1.el9_1.1.ppc64le.rpm

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.1.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

webkit2gtk3-2.36.7-1.el9_1.1.src.rpm

aarch64

webkit2gtk3-2.36.7-1.el9_1.1.aarch64.rpm

webkit2gtk3-debuginfo-2.36.7-1.el9_1.1.aarch64.rpm

webkit2gtk3-debugsource-2.36.7-1.el9_1.1.aarch64.rpm

webkit2gtk3-devel-2.36.7-1.el9_1.1.aarch64.rpm

webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.1.aarch64.rpm

webkit2gtk3-jsc-2.36.7-1.el9_1.1.aarch64.rpm

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.1.aarch64.rpm

webkit2gtk3-jsc-devel-2.36.7-1.el9_1.1.aarch64.rpm

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.1.aarch64.rpm

Red Hat security contact details are at https://access.redhat.com/security/team/contact/.
