Headline
RHSA-2023:2256: Red Hat Security Advisory: webkit2gtk3 security and bug fix update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-32886: A vulnerability was found in webkitgtk, where a buffer overflow issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2022-32888: A vulnerability was found in webkitgtk, where an out-of-bounds read was addressed with improved bounds checking. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2022-32923: A vulnerability was found in webkitgtk. Processing maliciously crafted web content may disclose the internal states of the app.
- CVE-2022-42799: A vulnerability was found in webkitgtk, where an issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing.
- CVE-2022-42823: A vulnerability was found in webkitgtk, where a logic issue was addressed with improved state management. Processing maliciously crafted web content may disclose sensitive user information.
- CVE-2022-42824: A vulnerability was found in webkitgtk, where a type confusion issue was addressed with improved memory handling. Through this flaw, processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2022-42826: A vulnerability was found in WebKitGTK. This issue exists due to a use-after-free error when processing maliciously crafted web content in WebKit. This may allow an attacker to trick the victim into visiting a specially crafted website, causing an application to halt, crash, or perform arbitrary code execution.
- CVE-2022-42852: A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution.
- CVE-2022-42863: A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution.
- CVE-2022-42867: A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution.
- CVE-2022-46691: A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution.
- CVE-2022-46692: A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process unexpected cross-origin attacks.
- CVE-2022-46698: A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows an attacker to process maliciously crafted web content that may disclose sensitive user information.
- CVE-2022-46699: A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution.
- CVE-2022-46700: A flaw was found in webkitgtk. Improper input validation leads to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or perform arbitrary code execution.
- CVE-2023-23517: A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the target system.
- CVE-2023-23518: A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the target system.
- CVE-2023-25358: A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
- CVE-2023-25360: A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
- CVE-2023-25361: A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
- CVE-2023-25362: A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
- CVE-2023-25363: A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
Issued:
2023-05-09
Updated:
2023-05-09
RHSA-2023:2256 - Security Advisory
Synopsis
Important: webkit2gtk3 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826)
- webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517)
- webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518)
- webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886)
- webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888)
- webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923)
- webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)
- webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823)
- webkitgtk: sensitive information disclosure issue (CVE-2022-42824)
- webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852)
- webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863)
- webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867)
- webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691)
- webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)
- webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698)
- webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699)
- webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700)
- webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358)
- webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360)
- webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361)
- webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)
- webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2127467 - Upgrade WebKitGTK for RHEL 9.2
- BZ - 2128643 - CVE-2022-32886 webkitgtk: buffer overflow issue was addressed with improved memory handling
- BZ - 2140501 - CVE-2022-32888 webkitgtk: out-of-bounds write issue was addressed with improved bounds checking
- BZ - 2140502 - CVE-2022-32923 webkitgtk: correctness issue in the JIT was addressed with improved checks
- BZ - 2140503 - CVE-2022-42799 webkitgtk: issue was addressed with improved UI handling
- BZ - 2140504 - CVE-2022-42824 webkitgtk: sensitive information disclosure issue
- BZ - 2140505 - CVE-2022-42823 webkitgtk: type confusion issue leading to arbitrary code execution
- BZ - 2156986 - CVE-2022-42852 webkitgtk: memory disclosure issue was addressed with improved memory handling
- BZ - 2156987 - CVE-2022-42863 webkitgtk: memory corruption issue leading to arbitrary code execution
- BZ - 2156989 - CVE-2022-42867 webkitgtk: use-after-free issue leading to arbitrary code execution
- BZ - 2156990 - CVE-2022-46691 webkitgtk: memory corruption issue leading to arbitrary code execution
- BZ - 2156991 - CVE-2022-46692 webkitgtk: Same Origin Policy bypass issue
- BZ - 2156992 - CVE-2022-46698 webkitgtk: logic issue leading to user information disclosure
- BZ - 2156993 - CVE-2022-46699 webkitgtk: memory corruption issue leading to arbitrary code execution
- BZ - 2156994 - CVE-2022-46700 webkitgtk: memory corruption issue leading to arbitrary code execution
- BZ - 2167715 - CVE-2023-23518 webkitgtk: memory corruption issue leading to arbitrary code execution
- BZ - 2167716 - CVE-2022-42826 webkitgtk: use-after-free issue leading to arbitrary code execution
- BZ - 2167717 - CVE-2023-23517 webkitgtk: memory corruption issue leading to arbitrary code execution
- BZ - 2175099 - CVE-2023-25358 webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()
- BZ - 2175101 - CVE-2023-25360 webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer()
- BZ - 2175103 - CVE-2023-25361 webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling()
- BZ - 2175105 - CVE-2023-25362 webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps()
- BZ - 2175107 - CVE-2023-25363 webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags()
CVEs
- CVE-2022-32886
- CVE-2022-32888
- CVE-2022-32923
- CVE-2022-42799
- CVE-2022-42823
- CVE-2022-42824
- CVE-2022-42826
- CVE-2022-42852
- CVE-2022-42863
- CVE-2022-42867
- CVE-2022-46691
- CVE-2022-46692
- CVE-2022-46698
- CVE-2022-46699
- CVE-2022-46700
- CVE-2023-23517
- CVE-2023-23518
- CVE-2023-25358
- CVE-2023-25360
- CVE-2023-25361
- CVE-2023-25362
- CVE-2023-25363
References
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
webkit2gtk3-2.38.5-1.el9.src.rpm
x86_64
webkit2gtk3-2.38.5-1.el9.i686.rpm
webkit2gtk3-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.i686.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.i686.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-devel-2.38.5-1.el9.i686.rpm
webkit2gtk3-devel-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.i686.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-jsc-2.38.5-1.el9.i686.rpm
webkit2gtk3-jsc-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.i686.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.i686.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
webkit2gtk3-2.38.5-1.el9.src.rpm
s390x
webkit2gtk3-2.38.5-1.el9.s390x.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.s390x.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.s390x.rpm
webkit2gtk3-devel-2.38.5-1.el9.s390x.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.s390x.rpm
webkit2gtk3-jsc-2.38.5-1.el9.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.s390x.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
webkit2gtk3-2.38.5-1.el9.src.rpm
ppc64le
webkit2gtk3-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-devel-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-jsc-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
webkit2gtk3-2.38.5-1.el9.src.rpm
aarch64
webkit2gtk3-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-devel-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-jsc-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.aarch64.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202305-32 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.40.1 are affected.
Red Hat Security Advisory 2023-2834-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32886: A vulnerability was found in webkitgtkm, where a buffer overflow issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. * CVE-2022-32888: A vulnerability was found in webkitgtk, where an out-of-bounds read was addressed with improved bounds checking. Processing mali...
Red Hat Security Advisory 2023-2256-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.
Ubuntu Security Notice 6061-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files.
Ubuntu Security Notice 5867-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice 5867-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice 5867-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Debian Linux Security Advisory 5341-1 - Multiple vulnerabilities have been discovered in the WebKitGTK web engine. Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Debian Linux Security Advisory 5341-1 - Multiple vulnerabilities have been discovered in the WebKitGTK web engine. Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Debian Linux Security Advisory 5341-1 - Multiple vulnerabilities have been discovered in the WebKitGTK web engine. Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Debian Linux Security Advisory 5340-1 - Multiple vulnerabilities have been discovered in the WebKitGTK web engine. Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Debian Linux Security Advisory 5340-1 - Multiple vulnerabilities have been discovered in the WebKitGTK web engine. Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Debian Linux Security Advisory 5340-1 - Multiple vulnerabilities have been discovered in the WebKitGTK web engine. Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Apple Security Advisory 2023-01-24-1 - tvOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-24-1 - tvOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-8 - Safari 16.3 addresses code execution vulnerabilities.
Apple Security Advisory 2023-01-23-8 - Safari 16.3 addresses code execution vulnerabilities.
Apple Security Advisory 2023-01-23-7 - watchOS 9.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-7 - watchOS 9.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-6 - macOS Big Sur 11.7.3 addresses buffer overflow, bypass, and code execution vulnerabilities.
Apple Security Advisory 2023-01-23-6 - macOS Big Sur 11.7.3 addresses buffer overflow, bypass, and code execution vulnerabilities.
Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-5 - macOS Monterey 12.6.3 addresses buffer overflow, bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.
Apple Security Advisory 2023-01-23-4 - macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities.
Apple Security Advisory 2023-01-23-1 - iOS 16.3 and iPadOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
Apple Security Advisory 2023-01-23-1 - iOS 16.3 and iPadOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
WebKit suffers from a RenderMathMLToken use-after-free vulnerability in CSSCrossfadeValue::crossfadeChanged.
Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.
Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.
Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.
Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.
Apple Security Advisory 2022-12-13-8 - watchOS 9.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 2022-12-13-7 - tvOS 16.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 2022-12-13-2 - iOS 15.7.2 and iPadOS 15.7.2 addresses bypass, code execution, integer overflow, out of bounds write, and spoofing vulnerabilities.
Apple Security Advisory 2022-12-13-1 - iOS 16.2 and iPadOS 16.2 addresses bypass, code execution, out of bounds write, spoofing, and use-after-free vulnerabilities.
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.
Ubuntu Security Notice 5730-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Debian Linux Security Advisory 5274-1 - Jihwan Kim and Dohyun Lee discovered that visiting a malicious website may lead to user interface spoofing. Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution. Abdulrahman Alqabandi, Ryan Shin and Dohyun Lee discovered that processing maliciously crafted web content may disclose sensitive user information.
Debian Linux Security Advisory 5273-1 - Jihwan Kim and Dohyun Lee discovered that visiting a malicious website may lead to user interface spoofing. Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution. Abdulrahman Alqabandi, Ryan Shin and Dohyun Lee discovered that processing maliciously crafted web content may disclose sensitive user information.
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.
A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight search results.
This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.
A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups.
Apple Security Advisory 2022-10-27-15 - Safari 16.1 addresses code execution, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 2022-10-27-14 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.
Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 2022-10-27-12 - watchOS 9.1 addresses code execution, out of bounds write, and spoofing vulnerabilities.
Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
Ubuntu Security Notice 5642-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.
Apple Security Advisory 2022-09-12-5 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.