RHSA-2023:0902: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-23529: A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system.
Issued: 2023-02-22
Updated: 2023-02-22
RHSA-2023:0902 - Security Advisory
Synopsis
Important: webkit2gtk3 security update
Type/Severity
Security Advisory: Important
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution (CVE-2023-23529)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2169934 - CVE-2023-23529 webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution
Red Hat Enterprise Linux for x86_64 8
SRPM
webkit2gtk3-2.36.7-1.el8_7.2.src.rpm
x86_64
webkit2gtk3-2.36.7-1.el8_7.2.i686.rpm
webkit2gtk3-2.36.7-1.el8_7.2.x86_64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.2.i686.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.2.x86_64.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.2.i686.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.2.x86_64.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.2.i686.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.2.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.2.i686.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.2.x86_64.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.2.i686.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.2.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.2.i686.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.2.x86_64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.2.i686.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.2.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.2.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.2.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
webkit2gtk3-2.36.7-1.el8_7.2.src.rpm
s390x
webkit2gtk3-2.36.7-1.el8_7.2.s390x.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.2.s390x.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.2.s390x.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.2.s390x.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.2.s390x.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.2.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.2.s390x.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.2.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.2.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
webkit2gtk3-2.36.7-1.el8_7.2.src.rpm
ppc64le
webkit2gtk3-2.36.7-1.el8_7.2.ppc64le.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.2.ppc64le.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.2.ppc64le.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.2.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.2.ppc64le.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.2.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.2.ppc64le.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.2.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.2.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
webkit2gtk3-2.36.7-1.el8_7.2.src.rpm
aarch64
webkit2gtk3-2.36.7-1.el8_7.2.aarch64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_7.2.aarch64.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_7.2.aarch64.rpm
webkit2gtk3-devel-2.36.7-1.el8_7.2.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.2.aarch64.rpm
webkit2gtk3-jsc-2.36.7-1.el8_7.2.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.2.aarch64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.2.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.2.aarch64.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.
Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with
Update now! Apple fixes actively exploited vulnerability and introduces new features (Malwarebytes Labs): Apple has released security updates and new features for several of its products, including a fix for an actively exploited vulnerability.
Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as CVE-2023-23529, concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was originally addressed by the tech giant with improved checks as part of updates released on February 13, 2023. An anonymous researcher has been
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1. An app may be able to execute arbitrary code with kernel privileges.
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Ubuntu Security Notice 5893-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Red Hat Security Advisory 2023-0902-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: CVE-2023-23529: A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system.
Debian Linux Security Advisory 5352-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Debian Linux Security Advisory 5351-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Hey 👋 there, cyber friends! Welcome to this week's cybersecurity newsletter, where we aim to keep you informed and empowered in the ever-changing world of cyber threats. In today's edition, we will cover some interesting developments in the cybersecurity landscape and share some insightful analysis of each to help you protect yourself against potential attacks. 1. Apple 📱 Devices Hacked with
Apple Security Advisory 2023-02-13-3 - Safari 16.3.1 addresses a code execution vulnerability.
Apple Security Advisory 2023-02-13-2 - macOS Ventura 13.2.1 addresses code execution and use-after-free vulnerabilities.
Apple Security Advisory 2023-02-13-1 - iOS 16.3.1 and iPadOS 16.3.1 address code execution and use-after-free vulnerabilities.
Update Now: iOS Devices Receive Vital Security Updates from Apple (HackRead.com, by Deeba Ahmed): If you are using an Apple product, it is time to update it right now and make sure the automatic updates are enabled.
Update now! Apple patches vulnerabilities in MacOS and iOS (Malwarebytes Labs): Apple has released patches for macOS Ventura, iPadOS, and iOS. Among the patched vulnerabilities is a WebKit vulnerability which may have been exploited in the wild.
Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. The iPhone maker said the