Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:8054: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution
  • CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution
  • CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution
  • CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure
  • CVE-2022-26700: webkitgtk: Memory corruption issue leading to arbitrary code execution
  • CVE-2022-26709: webkitgtk: Use-after-free leading to arbitrary code execution
  • CVE-2022-26710: webkitgtk: Use-after-free leading to arbitrary code execution
  • CVE-2022-26716: webkitgtk: Memory corruption issue leading to arbitrary code execution
  • CVE-2022-26717: webkitgtk: Use-after-free leading to arbitrary code execution
  • CVE-2022-26719: webkitgtk: Memory corruption issue leading to arbitrary code execution
  • CVE-2022-30293: webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#perl#aws#buffer_overflow#ibm#webkit

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-11-15

Updated:

2022-11-15

RHSA-2022:8054 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: webkit2gtk3 security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)
  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)
  • webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)
  • webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)
  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)
  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)
  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)
  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)
  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)
  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)
  • webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2061996 - Upgrade WebKitGTK for RHEL 9.1
  • BZ - 2073893 - CVE-2022-22624 webkitgtk: Use-after-free leading to arbitrary code execution
  • BZ - 2073896 - CVE-2022-22628 webkitgtk: Use-after-free leading to arbitrary code execution
  • BZ - 2073899 - CVE-2022-22629 webkitgtk: Buffer overflow leading to arbitrary code execution
  • BZ - 2082548 - CVE-2022-30293 webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution
  • BZ - 2092732 - CVE-2022-26700 webkitgtk: Memory corruption issue leading to arbitrary code execution
  • BZ - 2092733 - CVE-2022-26709 webkitgtk: Use-after-free leading to arbitrary code execution
  • BZ - 2092734 - CVE-2022-26716 webkitgtk: Memory corruption issue leading to arbitrary code execution
  • BZ - 2092735 - CVE-2022-26717 webkitgtk: Use-after-free leading to arbitrary code execution
  • BZ - 2092736 - CVE-2022-26719 webkitgtk: Memory corruption issue leading to arbitrary code execution
  • BZ - 2104787 - CVE-2022-22662 webkitgtk: Cookie management issue leading to sensitive user information disclosure
  • BZ - 2104789 - CVE-2022-26710 webkitgtk: Use-after-free leading to arbitrary code execution

CVEs

  • CVE-2022-22624
  • CVE-2022-22628
  • CVE-2022-22629
  • CVE-2022-22662
  • CVE-2022-26700
  • CVE-2022-26709
  • CVE-2022-26710
  • CVE-2022-26716
  • CVE-2022-26717
  • CVE-2022-26719
  • CVE-2022-30293

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

webkit2gtk3-2.36.7-1.el9.src.rpm

SHA-256: d473a6f882164e113f1c6ff9446580929e885f2d73b715cb2259e3d34c50fbf3

x86_64

webkit2gtk3-2.36.7-1.el9.i686.rpm

SHA-256: cee88900e1c20c35e9c55005ec0ff49f36fe5b6293064534d44cef4781920baa

webkit2gtk3-2.36.7-1.el9.x86_64.rpm

SHA-256: a25de23bd91576170565adbb789765eef5d3f04d6dc1a62299b1926761bb0af6

webkit2gtk3-debuginfo-2.36.7-1.el9.i686.rpm

SHA-256: 44e9310697b074a829a8668b6dd835c78bdcc66ddbb1383d20fd726be2a92115

webkit2gtk3-debuginfo-2.36.7-1.el9.x86_64.rpm

SHA-256: 20753d209ae85fe77c205327c347277fc7b5a0bbe26fb3b1730a359aa7b86e0b

webkit2gtk3-debugsource-2.36.7-1.el9.i686.rpm

SHA-256: 7fc070aa9c3658a855c0d999e044ab9ae9d1555125761e72b481ac45fbe3f402

webkit2gtk3-debugsource-2.36.7-1.el9.x86_64.rpm

SHA-256: 215bda7c62af36e545af52c0d93e7b2cd83f8263a914beddd2bb8a3d1d548bb5

webkit2gtk3-devel-2.36.7-1.el9.i686.rpm

SHA-256: ba4013ce270ac1de5253f03c45c34f1b566d385c119f04107aa497a98c47d9c5

webkit2gtk3-devel-2.36.7-1.el9.x86_64.rpm

SHA-256: fbbd4cc42c8ac4167212e982aa074f33593d5c6a6d3f188674d00e764623e7ed

webkit2gtk3-devel-debuginfo-2.36.7-1.el9.i686.rpm

SHA-256: a1fe121cc1114e2c87adf7901106d27a71a386f204ca5d138226a53e3111e1e1

webkit2gtk3-devel-debuginfo-2.36.7-1.el9.x86_64.rpm

SHA-256: 45b052f6b57237ffefafbf1ae47d2ca0dc65f61102404e6b5e3bdb45baaa22c6

webkit2gtk3-jsc-2.36.7-1.el9.i686.rpm

SHA-256: 4748b4de46214d63a2b2b2a5fa2745a5735654d30d92de71475265eed6a545a4

webkit2gtk3-jsc-2.36.7-1.el9.x86_64.rpm

SHA-256: c03849c4132fa3836d4e6957c2dfa48e0e0226097698fb7dbb29759926c7820c

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.i686.rpm

SHA-256: 898525d37d771a347b6db571a37cab15380b087a210bf0c481a06c4303fef524

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.x86_64.rpm

SHA-256: f598fdaf6c177b5f8131c04d2d456289a2d1049702981e2f4966e1f7602c7165

webkit2gtk3-jsc-devel-2.36.7-1.el9.i686.rpm

SHA-256: 472b1b53dd5706aca9eedce3780842cc6ffc26367379314544e015875378a1cd

webkit2gtk3-jsc-devel-2.36.7-1.el9.x86_64.rpm

SHA-256: a547a6dcc2a21536c3ed703c2ff747831c34df662d7122eeed0a393b1b8f5b6d

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.i686.rpm

SHA-256: 4c23683ded06d546fe11e0a01a09a5d86b1e69149d9ad77b9a45868cd691f757

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.x86_64.rpm

SHA-256: 91b4f33712086d093cb5c7d4e1e53d0ed7ca298b063bb356fc6cb827621cd030

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

webkit2gtk3-2.36.7-1.el9.src.rpm

SHA-256: d473a6f882164e113f1c6ff9446580929e885f2d73b715cb2259e3d34c50fbf3

s390x

webkit2gtk3-2.36.7-1.el9.s390x.rpm

SHA-256: 8f3f4b43a0f803d3a7c19fc92d1bd3a8b85c345d15775e6584c9e91f2585f02e

webkit2gtk3-debuginfo-2.36.7-1.el9.s390x.rpm

SHA-256: 719fc183f6835152b201510604a6aa21a9209472129aa196a7d1fe749dff2120

webkit2gtk3-debugsource-2.36.7-1.el9.s390x.rpm

SHA-256: 2797267372cbce6758be5bc8f74b542e0821f1f643236a6b0ea5ed4a8776c8f2

webkit2gtk3-devel-2.36.7-1.el9.s390x.rpm

SHA-256: fda3022b676b97cbc35c3e944c7a273e86311dd4974bd740b9a5cf92e2c6c92a

webkit2gtk3-devel-debuginfo-2.36.7-1.el9.s390x.rpm

SHA-256: 40a0d5bea3bd165dc3e5504ced122a9d4b6fd183e7cbe3a0ed6bd2121dc29a51

webkit2gtk3-jsc-2.36.7-1.el9.s390x.rpm

SHA-256: b78a789a85075de35d4c224a38192d98d5670a5a11d077ec50cd30d0ad83623f

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.s390x.rpm

SHA-256: 28e6afef935a1f57d4f01d35715202c8550034d01c7e83c54b966e555f63c232

webkit2gtk3-jsc-devel-2.36.7-1.el9.s390x.rpm

SHA-256: 80c3b8f9e0db7cef51f7174e282fd728b78a845bb9943ff9614ab20e648eebe8

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.s390x.rpm

SHA-256: 2a9195e046d94d52b587e5cc56db08b29d9d9a59892725959e58766b2c8c9474

Red Hat Enterprise Linux for Power, little endian 9

SRPM

webkit2gtk3-2.36.7-1.el9.src.rpm

SHA-256: d473a6f882164e113f1c6ff9446580929e885f2d73b715cb2259e3d34c50fbf3

ppc64le

webkit2gtk3-2.36.7-1.el9.ppc64le.rpm

SHA-256: d39bcf0f84061b44bd6af930b44a7044640f6de167d7376d8b26d9b489ed9166

webkit2gtk3-debuginfo-2.36.7-1.el9.ppc64le.rpm

SHA-256: 364be1f27283b1d0eeb261c699ca65c7c743c6d57ecb0b955fa028a954713dfa

webkit2gtk3-debugsource-2.36.7-1.el9.ppc64le.rpm

SHA-256: 1bc174597bf1a4b77866f07d0ad760bee75dadb21b9653884973a13a90033566

webkit2gtk3-devel-2.36.7-1.el9.ppc64le.rpm

SHA-256: eb8071dd4dfa1d8b705d62a0cb07351e1095920ec5d8962d0e572cbed9d4ccad

webkit2gtk3-devel-debuginfo-2.36.7-1.el9.ppc64le.rpm

SHA-256: b4de86395b69635b9105c9d042ecb19ee450b06521adbe499fc2dc864ab9437a

webkit2gtk3-jsc-2.36.7-1.el9.ppc64le.rpm

SHA-256: f64b19625634143072baeff6bb5f6a32c4df220b3bfe08f983df418ae96ce91e

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.ppc64le.rpm

SHA-256: 1b57578bc7ae9c6974cc3ddd277e6af1ac88d13d6cd0c7e64a05860a6a86fe21

webkit2gtk3-jsc-devel-2.36.7-1.el9.ppc64le.rpm

SHA-256: 615f735e8cf57d31bc996ff409b5aa93c30ccc11f0d54236c4f50ecc2af0c17b

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.ppc64le.rpm

SHA-256: e82e1771bbb4096706c5197fec960833b7929f6271c2d8bfbbe232e7e617cae6

Red Hat Enterprise Linux for ARM 64 9

SRPM

webkit2gtk3-2.36.7-1.el9.src.rpm

SHA-256: d473a6f882164e113f1c6ff9446580929e885f2d73b715cb2259e3d34c50fbf3

aarch64

webkit2gtk3-2.36.7-1.el9.aarch64.rpm

SHA-256: 77f10e78ac3c1d4936363c178fbc8bc1b6d5f95c7293c37bd22f595eba325f0e

webkit2gtk3-debuginfo-2.36.7-1.el9.aarch64.rpm

SHA-256: 4af6d411859d9a21111cc11792a757e4e2d545f0a5bfb3cd3fb16b5ddd04cca0

webkit2gtk3-debugsource-2.36.7-1.el9.aarch64.rpm

SHA-256: b58c10c685927081782f459ed59b1758d18f46bf5b54a8106ce4d46d55aa2be5

webkit2gtk3-devel-2.36.7-1.el9.aarch64.rpm

SHA-256: f76845a0d69fc80ca52f95656d4e026202d60f50077b395e41bbc33c1c852918

webkit2gtk3-devel-debuginfo-2.36.7-1.el9.aarch64.rpm

SHA-256: 881e780bab3535780e01f2cdf0c81954da2f3031c906f41b9bec373d0466c243

webkit2gtk3-jsc-2.36.7-1.el9.aarch64.rpm

SHA-256: 1aff7fcb6eaff652579a3fa4d626bc603a7252f17247c851fdd12749801742e2

webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.aarch64.rpm

SHA-256: 5008ba04adcc248b0796936b9982e22bf94a3505e5ba62b00dedb65ef51bc81a

webkit2gtk3-jsc-devel-2.36.7-1.el9.aarch64.rpm

SHA-256: 4a01df407af79b364856f9f774bae7f7dc7268d01295139139a468016126208f

webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.aarch64.rpm

SHA-256: 1aed07c02cb6e2e561e3921a4389d6a50e34e99e3473fe136a2e80f661bd6115

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-0584-01

Red Hat Security Advisory 2023-0584-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.1. Issues addressed include a denial of service vulnerability.

RHSA-2023:0584: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...

RHSA-2023:1174: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...

CVE-2022-22668: About the security content of iOS 15.4 and iPadOS 15.4

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information.

Red Hat Security Advisory 2023-0918-01

Red Hat Security Advisory 2023-0918-01 - Service Binding manages the data plane for applications and backing services.

RHSA-2023:0918: Red Hat Security Advisory: Service Binding Operator security update

An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. W...

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

RHSA-2023:0795: Red Hat Security Advisory: RHSA: Submariner 0.13.3 - security updates and bug fixes

Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.

Red Hat Security Advisory 2023-0709-01

Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.

RHSA-2023:0631: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...

Red Hat Security Advisory 2023-0542-01

Red Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.

Red Hat Security Advisory 2023-0470-01

Red Hat Security Advisory 2023-0470-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1).

RHSA-2023:0470: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes (v1.0.1). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42920: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

RHSA-2022:9047: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...

RHSA-2022:9040: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-41912: crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements

Red Hat Security Advisory 2022-8964-01

Red Hat Security Advisory 2022-8964-01 - The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-8938-01

Red Hat Security Advisory 2022-8938-01 - Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements.

RHSA-2022:8964: Red Hat Security Advisory: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images

Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: keycloak: path traversal via double URL encoding * CVE-2022-3916: keycloak: Session takeover with OIDC offline refreshtokens

Red Hat Security Advisory 2022-8889-01

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

RHSA-2022:8889: Red Hat Security Advisory: Openshift Logging 5.3.14 bug fix release and security update

Openshift Logging Bug Fix Release (5.3.14) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays

Red Hat Security Advisory 2022-8781-01

Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.

RHSA-2022:8781: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Logging Subsystem 5.5.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-32189: golang: math/b...

Red Hat Security Advisory 2022-8750-01

Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:8750: Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...

Red Hat Security Advisory 2022-7435-01

Red Hat Security Advisory 2022-7435-01 - An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Issues addressed include a denial of service vulnerability.

RHSA-2022:7435: Red Hat Security Advisory: Logging Subsystem 5.4.8 - Red Hat OpenShift security update

An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays...

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-202...

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-202...

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-202...

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-202...

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-202...

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-202...

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-202...

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-202...

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-202...

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-202...

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-202...

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-22629: About the security content of iTunes 12.12.3 for Windows

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-22629: About the security content of iTunes 12.12.3 for Windows

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-22624: About the security content of tvOS 15.4

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-22624: About the security content of tvOS 15.4

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-22624: About the security content of tvOS 15.4

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-22624: About the security content of tvOS 15.4

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Ubuntu Security Notice USN-5522-1

Ubuntu Security Notice 5522-1 - Several security issues were discovered in WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-5457-1

Ubuntu Security Notice 5457-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-5457-1

Ubuntu Security Notice 5457-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-5457-1

Ubuntu Security Notice 5457-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-5457-1

Ubuntu Security Notice 5457-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice USN-5457-1

Ubuntu Security Notice 5457-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

CVE-2022-26774: About the security content of iTunes 12.12.4 for Windows

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.

CVE-2022-26724: About the security content of tvOS 15.5

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.

CVE-2022-26738: About the security content of macOS Monterey 12.4

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26724: About the security content of tvOS 15.5

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.

CVE-2022-26738: About the security content of macOS Monterey 12.4

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26724: About the security content of tvOS 15.5

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.

CVE-2022-26724: About the security content of tvOS 15.5

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.

CVE-2022-26724: About the security content of tvOS 15.5

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.

CVE-2022-26724: About the security content of tvOS 15.5

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.

CVE-2022-22673: About the security content of iOS 15.5 and iPadOS 15.5

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

CVE-2022-22673: About the security content of iOS 15.5 and iPadOS 15.5

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

CVE-2022-22673: About the security content of iOS 15.5 and iPadOS 15.5

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

CVE-2022-22673: About the security content of iOS 15.5 and iPadOS 15.5

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

CVE-2022-22673: About the security content of iOS 15.5 and iPadOS 15.5

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

CVE-2022-22673: About the security content of iOS 15.5 and iPadOS 15.5

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

Apple Security Advisory 2022-05-16-7

Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-7

Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-7

Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-7

Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-7

Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-6

Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-6

Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-6

Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-6

Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-6

Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-6

Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-5

Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-5

Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-5

Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-5

Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-5

Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-5

Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-1

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-1

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-1

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-1

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-1

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-1

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

CVE-2022-30293: security_advisories/webkitgtk-2.36.0 at master · ChijinZ/security_advisories

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE-2022-22633: About the security content of macOS Big Sur 11.6.5

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.