RHSA-2023:0903: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-23529: A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system.
Issued:
2023-02-22
Updated:
2023-02-22
RHSA-2023:0903 - Security Advisory
Synopsis
Important: webkit2gtk3 security update
Type/Severity
Security Advisory: Important
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution (CVE-2023-23529)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2169934 - CVE-2023-23529 webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution
Red Hat Enterprise Linux for x86_64 9
SRPM
webkit2gtk3-2.36.7-1.el9_1.2.src.rpm
x86_64
webkit2gtk3-2.36.7-1.el9_1.2.i686.rpm
webkit2gtk3-2.36.7-1.el9_1.2.x86_64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el9_1.2.i686.rpm
webkit2gtk3-debuginfo-2.36.7-1.el9_1.2.x86_64.rpm
webkit2gtk3-debugsource-2.36.7-1.el9_1.2.i686.rpm
webkit2gtk3-debugsource-2.36.7-1.el9_1.2.x86_64.rpm
webkit2gtk3-devel-2.36.7-1.el9_1.2.i686.rpm
webkit2gtk3-devel-2.36.7-1.el9_1.2.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.2.i686.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.2.x86_64.rpm
webkit2gtk3-jsc-2.36.7-1.el9_1.2.i686.rpm
webkit2gtk3-jsc-2.36.7-1.el9_1.2.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.2.i686.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.2.x86_64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.2.i686.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.2.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.2.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.2.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
webkit2gtk3-2.36.7-1.el9_1.2.src.rpm
s390x
webkit2gtk3-2.36.7-1.el9_1.2.s390x.rpm
webkit2gtk3-debuginfo-2.36.7-1.el9_1.2.s390x.rpm
webkit2gtk3-debugsource-2.36.7-1.el9_1.2.s390x.rpm
webkit2gtk3-devel-2.36.7-1.el9_1.2.s390x.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.2.s390x.rpm
webkit2gtk3-jsc-2.36.7-1.el9_1.2.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.2.s390x.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.2.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.2.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
webkit2gtk3-2.36.7-1.el9_1.2.src.rpm
ppc64le
webkit2gtk3-2.36.7-1.el9_1.2.ppc64le.rpm
webkit2gtk3-debuginfo-2.36.7-1.el9_1.2.ppc64le.rpm
webkit2gtk3-debugsource-2.36.7-1.el9_1.2.ppc64le.rpm
webkit2gtk3-devel-2.36.7-1.el9_1.2.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.2.ppc64le.rpm
webkit2gtk3-jsc-2.36.7-1.el9_1.2.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.2.ppc64le.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.2.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.2.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
webkit2gtk3-2.36.7-1.el9_1.2.src.rpm
aarch64
webkit2gtk3-2.36.7-1.el9_1.2.aarch64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el9_1.2.aarch64.rpm
webkit2gtk3-debugsource-2.36.7-1.el9_1.2.aarch64.rpm
webkit2gtk3-devel-2.36.7-1.el9_1.2.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.2.aarch64.rpm
webkit2gtk3-jsc-2.36.7-1.el9_1.2.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.2.aarch64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.2.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.2.aarch64.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.
Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with
Apple has released security updates and new features for several of its products, including a fix for an actively exploited vulnerability. The post Update now! Apple fixes actively exploited vulnerability and introduces new features appeared first on Malwarebytes Labs.
Plus: Microsoft fixes several zero-day bugs, Google patches Chrome and Android, Mozilla rids Firefox of a full-screen vulnerability, and more.
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges.
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Ubuntu Security Notice 5893-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Red Hat Security Advisory 2023-0902-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-0903-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: CVE-2023-23529: A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system.
Debian Linux Security Advisory 5352-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Debian Linux Security Advisory 5351-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Hey 👋 there, cyber friends! Welcome to this week's cybersecurity newsletter, where we aim to keep you informed and empowered in the ever-changing world of cyber threats. In today's edition, we will cover some interesting developments in the cybersecurity landscape and share some insightful analysis of each to help you protect yourself against potential attacks. 1. Apple 📱 Devices Hacked with
Apple Security Advisory 2023-02-13-3 - Safari 16.3.1 addresses a code execution vulnerability.
Apple Security Advisory 2023-02-13-2 - macOS Ventura 13.2.1 addresses code execution and use-after-free vulnerabilities.
Apple Security Advisory 2023-02-13-1 - iOS 16.3.1 and iPadOS 16.3.1 addresses code execution and use-after-free vulnerabilities.
By Deeba Ahmed If you are using an Apple product, it is time to update it right now and make sure the automatic updates are enabled. This is a post from HackRead.com Read the original post: Update Now: iOS Devices Receive Vital Security Updates from Apple
Apple has released patches for macOS Ventura, iPadOS, and iOS. Among the patched vulnerabilities is a WebKit vulnerability which may have been exploited in the wild. The post Update now! Apple patches vulnerabilities in MacOS and iOS appeared first on Malwarebytes Labs.
Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. The iPhone maker said the