
RHSA-2023:0016: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-42856: webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution
Red Hat Security Data


Issued: 2023-01-04

Updated: 2023-01-04

RHSA-2023:0016 - Security Advisory


Synopsis

Important: webkit2gtk3 security update

Type/Severity

Security Advisory: Important


Topic

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

  • webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution (CVE-2022-42856)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2153683 - CVE-2022-42856 webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution

Red Hat Enterprise Linux for x86_64 8

SRPM

  • webkit2gtk3-2.36.7-1.el8_7.1.src.rpm

x86_64

  • webkit2gtk3-2.36.7-1.el8_7.1.i686.rpm
  • webkit2gtk3-2.36.7-1.el8_7.1.x86_64.rpm
  • webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.i686.rpm
  • webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.x86_64.rpm
  • webkit2gtk3-debugsource-2.36.7-1.el8_7.1.i686.rpm
  • webkit2gtk3-debugsource-2.36.7-1.el8_7.1.x86_64.rpm
  • webkit2gtk3-devel-2.36.7-1.el8_7.1.i686.rpm
  • webkit2gtk3-devel-2.36.7-1.el8_7.1.x86_64.rpm
  • webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.i686.rpm
  • webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.x86_64.rpm
  • webkit2gtk3-jsc-2.36.7-1.el8_7.1.i686.rpm
  • webkit2gtk3-jsc-2.36.7-1.el8_7.1.x86_64.rpm
  • webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.i686.rpm
  • webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.x86_64.rpm
  • webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.i686.rpm
  • webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.x86_64.rpm
  • webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.i686.rpm
  • webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

  • webkit2gtk3-2.36.7-1.el8_7.1.src.rpm

s390x

  • webkit2gtk3-2.36.7-1.el8_7.1.s390x.rpm
  • webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.s390x.rpm
  • webkit2gtk3-debugsource-2.36.7-1.el8_7.1.s390x.rpm
  • webkit2gtk3-devel-2.36.7-1.el8_7.1.s390x.rpm
  • webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.s390x.rpm
  • webkit2gtk3-jsc-2.36.7-1.el8_7.1.s390x.rpm
  • webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.s390x.rpm
  • webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.s390x.rpm
  • webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

  • webkit2gtk3-2.36.7-1.el8_7.1.src.rpm

ppc64le

  • webkit2gtk3-2.36.7-1.el8_7.1.ppc64le.rpm
  • webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.ppc64le.rpm
  • webkit2gtk3-debugsource-2.36.7-1.el8_7.1.ppc64le.rpm
  • webkit2gtk3-devel-2.36.7-1.el8_7.1.ppc64le.rpm
  • webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.ppc64le.rpm
  • webkit2gtk3-jsc-2.36.7-1.el8_7.1.ppc64le.rpm
  • webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.ppc64le.rpm
  • webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.ppc64le.rpm
  • webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

  • webkit2gtk3-2.36.7-1.el8_7.1.src.rpm

aarch64

  • webkit2gtk3-2.36.7-1.el8_7.1.aarch64.rpm
  • webkit2gtk3-debuginfo-2.36.7-1.el8_7.1.aarch64.rpm
  • webkit2gtk3-debugsource-2.36.7-1.el8_7.1.aarch64.rpm
  • webkit2gtk3-devel-2.36.7-1.el8_7.1.aarch64.rpm
  • webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.1.aarch64.rpm
  • webkit2gtk3-jsc-2.36.7-1.el8_7.1.aarch64.rpm
  • webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.1.aarch64.rpm
  • webkit2gtk3-jsc-devel-2.36.7-1.el8_7.1.aarch64.rpm
  • webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.1.aarch64.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
