[ALSA-2023:2834] Important: webkit2gtk3 security and bug fix update
Type: security
Severity: important
Release date: 2023-05-19
Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518)
* webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886)
* webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888)
* webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923)
* webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)
* webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823)
* webkitgtk: sensitive information disclosure issue (CVE-2022-42824)
* webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863)
* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691)
* webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)
* webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 webkit2gtk3-devel-2.38.5-1.el8.aarch64.rpm 0efd2be4faf145e14fad4547486c5790fd3215de28f336727a4df7ade01e6201
aarch64 webkit2gtk3-jsc-2.38.5-1.el8.aarch64.rpm 3eaebfb62c424d4045812c093aec269888e26c8e992a4abac04dfd0739858ea6
aarch64 webkit2gtk3-jsc-devel-2.38.5-1.el8.aarch64.rpm dde41af4788c7edd3a6f6e5797daaa2c42c403422e792f9f5a4c34cced57f02e
aarch64 webkit2gtk3-2.38.5-1.el8.aarch64.rpm fb170047da760b8c2639a67ee31e85e3eec28141b5745fd72bb57d1a08862151
i686 webkit2gtk3-jsc-devel-2.38.5-1.el8.i686.rpm 33a010fae4a53a7b7dbb11e9da0b7ba5f13b55d5a950f171bf1e9b5ee66973b3
i686 webkit2gtk3-devel-2.38.5-1.el8.i686.rpm 7b22ad71e1e531e57dfaffd167f775ddc4064a500b6d2412fc6b673c1d56ec74
i686 webkit2gtk3-2.38.5-1.el8.i686.rpm 7ca014e010221b356bef6e60928ff9cb55c365303162001299c64440099730d8
i686 webkit2gtk3-jsc-2.38.5-1.el8.i686.rpm d4c26e70f393daa90415e8878695e095ce9b2f005a81479dbb30a4e6075cfa51
ppc64le webkit2gtk3-jsc-2.38.5-1.el8.ppc64le.rpm 3186184bc93121a3a182260a5468c1f42dc1a21f0bcf3b154a8220bac7cfff94
ppc64le webkit2gtk3-2.38.5-1.el8.ppc64le.rpm 3bdceec6aee2f000c7a3dea540a655420e0bc4d39a73bf565cd8563999aa8fb3
ppc64le webkit2gtk3-jsc-devel-2.38.5-1.el8.ppc64le.rpm 558fdf74d3e7040bfaf22f4984938d3aa5f77557f8f2a0ec2c98779c20e4c8e9
ppc64le webkit2gtk3-devel-2.38.5-1.el8.ppc64le.rpm ed5950019624f24a2710c6522fb0063b24ca21fbafbc13efd0d63ba557634b32
s390x webkit2gtk3-devel-2.38.5-1.el8.s390x.rpm 10382884cdf3a3e90ae8067b23da5c09efac732a5d0c354ebb345e05d46b0387
s390x webkit2gtk3-jsc-2.38.5-1.el8.s390x.rpm 7fed8f029e2d7daddacfa2ee30826dfff2690a0a327b5ce75d5d42f6bcbd369a
s390x webkit2gtk3-2.38.5-1.el8.s390x.rpm f0451f487bd6789391b6cf970acdace17a3814c87fc68ba3fca2130c33ca9d56
s390x webkit2gtk3-jsc-devel-2.38.5-1.el8.s390x.rpm f15472e8ee50eb03b6c9d9cff16ad61bc8231a1ce52dd10bf0bcd84eafac5094
x86_64 webkit2gtk3-2.38.5-1.el8.x86_64.rpm 28000ac5243427a3b17af677b2bb09c209b708500f174e12915438a7ec78cfb4
x86_64 webkit2gtk3-jsc-devel-2.38.5-1.el8.x86_64.rpm 612a5a9a819c3f673633417a3545d311af258a898a6ba374174a0b3359a9561c
x86_64 webkit2gtk3-jsc-2.38.5-1.el8.x86_64.rpm 8b898cb4c25dd2e340b7bcd0a56123c57e83b7ee728e8f647b2df44025cb167b
x86_64 webkit2gtk3-devel-2.38.5-1.el8.x86_64.rpm ebbb42fe2ffbc6ecbebdad56579bf3f8a39de0e16216ebc919222d0887df9672
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.