RHSA-2023:0902: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-23529: A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system.
Red Hat Security Data
Issued: 2023-02-22

Updated: 2023-02-22

RHSA-2023:0902 - Security Advisory

Synopsis

Important: webkit2gtk3 security update

Type/Severity

Security Advisory: Important

Topic

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

  • webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution (CVE-2023-23529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2169934 - CVE-2023-23529 webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution

Red Hat Enterprise Linux for x86_64 8

SRPM

webkit2gtk3-2.36.7-1.el8_7.2.src.rpm


Red Hat Enterprise Linux for IBM z Systems 8

SRPM

webkit2gtk3-2.36.7-1.el8_7.2.src.rpm


Red Hat Enterprise Linux for Power, little endian 8

SRPM

webkit2gtk3-2.36.7-1.el8_7.2.src.rpm


Red Hat Enterprise Linux for ARM 64 8

SRPM

webkit2gtk3-2.36.7-1.el8_7.2.src.rpm


The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with

Update now! Apple fixes actively exploited vulnerability and introduces new features

Apple has released security updates and new features for several of its products, including a fix for an actively exploited vulnerability. Source: Malwarebytes Labs.

Apple Issues Urgent Security Update for Older iOS and iPadOS Models

Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as CVE-2023-23529, concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was originally addressed by the tech giant with improved checks as part of updates released on February 13, 2023. An anonymous researcher has been

CVE-2023-23522: About the security content of macOS Ventura 13.2.1

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.

CVE-2023-23514: About the security content of iOS 16.3.1 and iPadOS 16.3.1

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges.

CVE-2023-23529: About the security content of Safari 16.3

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Ubuntu Security Notice USN-5893-1

Ubuntu Security Notice 5893-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Red Hat Security Advisory 2023-0902-01

Red Hat Security Advisory 2023-0902-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

RHSA-2023:0903: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-23529: A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system.

Debian Security Advisory 5352-1

Debian Linux Security Advisory 5352-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Debian Security Advisory 5351-1

Debian Linux Security Advisory 5351-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

⚡Top Cybersecurity News Stories This Week — Cybersecurity Newsletter

Hey 👋 there, cyber friends! Welcome to this week's cybersecurity newsletter, where we aim to keep you informed and empowered in the ever-changing world of cyber threats. In today's edition, we will cover some interesting developments in the cybersecurity landscape and share some insightful analysis of each to help you protect yourself against potential attacks. 1. Apple 📱 Devices Hacked with

Apple Security Advisory 2023-02-13-3

Apple Security Advisory 2023-02-13-3 - Safari 16.3.1 addresses a code execution vulnerability.

Apple Security Advisory 2023-02-13-2

Apple Security Advisory 2023-02-13-2 - macOS Ventura 13.2.1 addresses code execution and use-after-free vulnerabilities.

Apple Security Advisory 2023-02-13-1

Apple Security Advisory 2023-02-13-1 - iOS 16.3.1 and iPadOS 16.3.1 addresses code execution and use-after-free vulnerabilities.

Update Now: iOS Devices Receive Vital Security Updates from Apple

By Deeba Ahmed. If you are using an Apple product, it is time to update it right now and make sure the automatic updates are enabled. Source: HackRead.com.

Update now! Apple patches vulnerabilities in MacOS and iOS

Apple has released patches for macOS Ventura, iPadOS, and iOS. Among the patched vulnerabilities is a WebKit vulnerability which may have been exploited in the wild. Source: Malwarebytes Labs.

Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw

Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. The iPhone maker said the