[ALSA-2023:7055] Important: webkit2gtk3 security and bug fix update
Type: security
Severity: important
Release date: 2023-11-23
Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: arbitrary code execution (CVE-2023-32393)
* webkitgtk: bypass Same Origin Policy (CVE-2023-38572)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-38592)
* webkitgtk: arbitrary code execution (CVE-2023-38594)
* webkitgtk: arbitrary code execution (CVE-2023-38595)
* webkitgtk: arbitrary code execution (CVE-2023-38597)
* webkitgtk: arbitrary code execution (CVE-2023-38600)
* webkitgtk: arbitrary code execution (CVE-2023-38611)
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: Same Origin Policy bypass via crafted web content (CVE-2023-27932)
* webkitgtk: Website may be able to track sensitive user information (CVE-2023-27954)
* webkitgtk: use after free vulnerability (CVE-2023-28198)
* webkitgtk: content security policy blacklist failure (CVE-2023-32370)
* webkitgtk: disclose sensitive information (CVE-2023-38133)
* webkitgtk: track sensitive user information (CVE-2023-38599)
* webkitgtk: processing web content may lead to arbitrary code execution (CVE-2023-39434)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code (CVE-2023-40451)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 webkit2gtk3-devel-2.40.5-1.el8.aarch64.rpm 76aee9656151247096eddd656274e057d250b318f1caa5789e36d063e496619e
aarch64 webkit2gtk3-2.40.5-1.el8.aarch64.rpm 94ce208cc09d0c964dc11766e593d133ee8c228683705bc8fe3df75e5b6922c2
aarch64 webkit2gtk3-jsc-devel-2.40.5-1.el8.aarch64.rpm 9f4ad289539185765bfcbcbaa981911305d3e1b208352caec6954cc315bce1c2
aarch64 webkit2gtk3-jsc-2.40.5-1.el8.aarch64.rpm a83a3b62c1968a488f7eb83b114b77c1b3d3af12ad7ca5403ec5fbf2a4b6e383
i686 webkit2gtk3-jsc-2.40.5-1.el8.i686.rpm 0815c0722f5f6e559f00f10614ab00ce854be4ec453840f6f8cb4ec279334c2f
i686 webkit2gtk3-jsc-devel-2.40.5-1.el8.i686.rpm 0e3b5001df70020800826d0d87237544de648f21e3ff0719a587c1faffa7a91c
i686 webkit2gtk3-2.40.5-1.el8.i686.rpm 0ff9c4e139ffaaca8283fb6843a62a8e1352390feddd2aa43e04a116be49bfd7
i686 webkit2gtk3-devel-2.40.5-1.el8.i686.rpm e1825442adc16f4600cb53eb026500c1766a2fd54d2fe6cd394b76f35af4e591
ppc64le webkit2gtk3-jsc-devel-2.40.5-1.el8.ppc64le.rpm 36e57c036cd8262d26c44c05ba4d869d15ced13838363ef88616e4c39a6292fb
ppc64le webkit2gtk3-jsc-2.40.5-1.el8.ppc64le.rpm e26eb98c85b2cafbcc6a3adaffd183d4f8d5f1a55d943b2bff400d5597646d3c
ppc64le webkit2gtk3-devel-2.40.5-1.el8.ppc64le.rpm e345f7fbaa3532475831a64e6c3c9aaaa8b4739d6e997c8ecc171cba40a5f764
ppc64le webkit2gtk3-2.40.5-1.el8.ppc64le.rpm f1f5266eb045dc92aca83c8827ff837c7f9dc7ee878b3f641fd9ee055afd6563
s390x webkit2gtk3-jsc-devel-2.40.5-1.el8.s390x.rpm 1be4a972ead17fb2bbfc992c686819e51aeac2f3bb9a2a9c8f71e76a8557a633
s390x webkit2gtk3-2.40.5-1.el8.s390x.rpm 4c59c5b51ae7cd4903e7245c2166e7c4bc8422a03c0bb776678474df49620856
s390x webkit2gtk3-jsc-2.40.5-1.el8.s390x.rpm 4ea99306f3cda389c2bd06edaef4d06ba55c03e188d681bc121844778621b02d
s390x webkit2gtk3-devel-2.40.5-1.el8.s390x.rpm d9fcedd57cda58b2144f0cc2f2eca903a3e29d1137730b19379296bc9ab1952f
x86_64 webkit2gtk3-jsc-2.40.5-1.el8.x86_64.rpm 0be3944d6705c9a7fc2e70cb87d1e684fba395f2944dba56eccb01aeaad64533
x86_64 webkit2gtk3-devel-2.40.5-1.el8.x86_64.rpm 1553c8bf07b0e236025f48f5322a2d117ea6f5a7808a66852db6ec79a02225f5
x86_64 webkit2gtk3-jsc-devel-2.40.5-1.el8.x86_64.rpm 82f18312d6b5dfb10fb4359a235e9dc1e5f6c6580d96bec9f33df24d4f4948ee
x86_64 webkit2gtk3-2.40.5-1.el8.x86_64.rpm 91ffaa8710465a3c3747e996345be90a5243afecfb11ce0d44cc741e3396795f
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.