RHSA-2023:0903: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-23529: A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system.
Red Hat Security Data

Issued: 2023-02-22

Updated: 2023-02-22

RHSA-2023:0903 - Security Advisory

Synopsis

Important: webkit2gtk3 security update

Type/Severity

Security Advisory: Important

Topic

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

  • webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution (CVE-2023-23529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2169934 - CVE-2023-23529 webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution

Red Hat Enterprise Linux for x86_64 9

SRPM

webkit2gtk3-2.36.7-1.el9_1.2.src.rpm

x86_64

webkit2gtk3-2.36.7-1.el9_1.2.i686.rpm

webkit2gtk3-2.36.7-1.el9_1.2.x86_64.rpm

webkit2gtk3-debuginfo-2.36.7-1.el9_1.2.i686.rpm

webkit2gtk3-debuginfo-2.36.7-1.el9_1.2.x86_64.rpm

webkit2gtk3-debugsource-2.36.7-1.el9_1.2.i686.rpm

webkit2gtk3-debugsource-2.36.7-1.el9_1.2.x86_64.rpm

webkit2gtk3-devel-2.36.7-1.el9_1.2.i686.rpm

webkit2gtk3-devel-2.36.7-1.el9_1.2.x86_64.rpm

webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.2.i686.rpm

webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.2.x86_64.rpm

webkit2gtk3-jsc-2.36.7-1.el9_1.2.i686.rpm

webkit2gtk3-jsc-2.36.7-1.el9_1.2.x86_64.rpm

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.2.i686.rpm

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.2.x86_64.rpm

webkit2gtk3-jsc-devel-2.36.7-1.el9_1.2.i686.rpm

webkit2gtk3-jsc-devel-2.36.7-1.el9_1.2.x86_64.rpm

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.2.i686.rpm

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.2.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

webkit2gtk3-2.36.7-1.el9_1.2.src.rpm

s390x

webkit2gtk3-2.36.7-1.el9_1.2.s390x.rpm

webkit2gtk3-debuginfo-2.36.7-1.el9_1.2.s390x.rpm

webkit2gtk3-debugsource-2.36.7-1.el9_1.2.s390x.rpm

webkit2gtk3-devel-2.36.7-1.el9_1.2.s390x.rpm

webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.2.s390x.rpm

webkit2gtk3-jsc-2.36.7-1.el9_1.2.s390x.rpm

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.2.s390x.rpm

webkit2gtk3-jsc-devel-2.36.7-1.el9_1.2.s390x.rpm

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.2.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

webkit2gtk3-2.36.7-1.el9_1.2.src.rpm

ppc64le

webkit2gtk3-2.36.7-1.el9_1.2.ppc64le.rpm

webkit2gtk3-debuginfo-2.36.7-1.el9_1.2.ppc64le.rpm

webkit2gtk3-debugsource-2.36.7-1.el9_1.2.ppc64le.rpm

webkit2gtk3-devel-2.36.7-1.el9_1.2.ppc64le.rpm

webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.2.ppc64le.rpm

webkit2gtk3-jsc-2.36.7-1.el9_1.2.ppc64le.rpm

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.2.ppc64le.rpm

webkit2gtk3-jsc-devel-2.36.7-1.el9_1.2.ppc64le.rpm

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.2.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

webkit2gtk3-2.36.7-1.el9_1.2.src.rpm

aarch64

webkit2gtk3-2.36.7-1.el9_1.2.aarch64.rpm

webkit2gtk3-debuginfo-2.36.7-1.el9_1.2.aarch64.rpm

webkit2gtk3-debugsource-2.36.7-1.el9_1.2.aarch64.rpm

webkit2gtk3-devel-2.36.7-1.el9_1.2.aarch64.rpm

webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.2.aarch64.rpm

webkit2gtk3-jsc-2.36.7-1.el9_1.2.aarch64.rpm

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.2.aarch64.rpm

webkit2gtk3-jsc-devel-2.36.7-1.el9_1.2.aarch64.rpm

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.2.aarch64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with

Update now! Apple fixes actively exploited vulnerability and introduces new features

Apple has released security updates and new features for several of its products, including a fix for an actively exploited vulnerability. The post appeared first on Malwarebytes Labs.

Categories: Apple; Exploits and vulnerabilities; News. Tags: macOS, iOS, iPadOS, watchOS, tvOS, Studio Display, CVE-2023-23529, type confusion, emoji.

Apple Users Need to Update iOS Now to Patch Serious Flaws

Plus: Microsoft fixes several zero-day bugs, Google patches Chrome and Android, Mozilla rids Firefox of a full-screen vulnerability, and more.

CVE-2023-23514: About the security content of iOS 16.3.1 and iPadOS 16.3.1

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges.

CVE-2023-23529: About the security content of Safari 16.3

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Ubuntu Security Notice USN-5893-1

Ubuntu Security Notice 5893-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Red Hat Security Advisory 2023-0902-01

Red Hat Security Advisory 2023-0902-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-0903-01

Red Hat Security Advisory 2023-0903-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

RHSA-2023:0902: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-23529: A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system.

Debian Security Advisory 5352-1

Debian Linux Security Advisory 5352-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Debian Security Advisory 5351-1

Debian Linux Security Advisory 5351-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

⚡Top Cybersecurity News Stories This Week — Cybersecurity Newsletter

Hey 👋 there, cyber friends! Welcome to this week's cybersecurity newsletter, where we aim to keep you informed and empowered in the ever-changing world of cyber threats. In today's edition, we will cover some interesting developments in the cybersecurity landscape and share some insightful analysis of each to help you protect yourself against potential attacks. 1. Apple 📱 Devices Hacked with

Apple Security Advisory 2023-02-13-3

Apple Security Advisory 2023-02-13-3 - Safari 16.3.1 addresses a code execution vulnerability.

Apple Security Advisory 2023-02-13-2

Apple Security Advisory 2023-02-13-2 - macOS Ventura 13.2.1 addresses code execution and use-after-free vulnerabilities.

Apple Security Advisory 2023-02-13-1

Apple Security Advisory 2023-02-13-1 - iOS 16.3.1 and iPadOS 16.3.1 address code execution and use-after-free vulnerabilities.

Update Now: iOS Devices Receive Vital Security Updates from Apple

By Deeba Ahmed. If you are using an Apple product, it is time to update it right now and make sure the automatic updates are enabled. This is a post from HackRead.com.

Update now! Apple patches vulnerabilities in MacOS and iOS

Apple has released patches for macOS Ventura, iPadOS, and iOS. Among the patched vulnerabilities is a WebKit vulnerability which may have been exploited in the wild. The post appeared first on Malwarebytes Labs.

Categories: Apple; Exploits and vulnerabilities. Tags: Apple, macOS Ventura, 13.2.1, iOS, iPadOS, 16.3.1, CVE-2023-23514, CVE-2023-23522, CVE-2023-23529, use after free, type confusion.

Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw

Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. The iPhone maker said the