RHSA-2023:0016: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-42856: webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution
Issued:
2023-01-04
Updated:
2023-01-04
RHSA-2023:0016 - Security Advisory
Synopsis
Important: webkit2gtk3 security update
Type/Severity
Security Advisory: Important
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution (CVE-2022-42856)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2153683 - CVE-2022-42856 webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution
Red Hat Enterprise Linux for x86_64 8
SRPM
webkit2gtk3-2.36.7-1.el8_7.1.src.rpm
x86_64
webkit2gtk3-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
webkit2gtk3-2.36.7-1.el8_7.1.src.rpm
s390x
webkit2gtk3-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
webkit2gtk3-2.36.7-1.el8_7.1.src.rpm
ppc64le
webkit2gtk3-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
webkit2gtk3-2.36.7-1.el8_7.1.src.rpm
aarch64
webkit2gtk3-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.aarch64.rpm
Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202305-32 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.40.1 are affected.
Google's Threat Analysis Group (TAG) labeled the spyware campaign as limited but highly targeted. (Habiba Rashid, HackRead.com: "Google reveals spyware attack on Android, iOS, and Chrome")
Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. The iPhone maker said the
Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content. While it was originally addressed by the company on November
Apple has now released security content for iOS 12.5.7 which includes a patch for an actively exploited vulnerability in WebKit and many other updates. (Malwarebytes Labs: "Own an older iPhone? Check you're on the latest version to avoid this bug")
Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: CVE-2022-42856: webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution
Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.
Plus: Patches for Apple iOS 16, Google Chrome, Windows 10, and more.
Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.
Apple Security Advisory 2022-12-13-7 - tvOS 16.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 2022-12-13-3 - iOS 16.1.2 addresses a code execution vulnerability.
Apple has released new security content for iOS 16.1.2 and Safari 16.2 to fix a zero-day security vulnerability that was actively exploited. (Malwarebytes Labs: "Update now! Apple patches active exploit vulnerability for iPhones")
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.
Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as CVE-2022-42856, the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to