[ALSA-2023:2256] Important: webkit2gtk3 security and bug fix update
Type:
security
Severity:
important
Release date:
2023-05-12
Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518)
* webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886)
* webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888)
* webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923)
* webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)
* webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823)
* webkitgtk: sensitive information disclosure issue (CVE-2022-42824)
* webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863)
* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691)
* webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)
* webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 webkit2gtk3-devel-2.38.5-1.el9.aarch64.rpm 10c5d928968ac279c0fbf4e4743464a2da9afb383eac933c95da0d0f407296f7
aarch64 webkit2gtk3-2.38.5-1.el9.aarch64.rpm b70d472e25d77f7e40c3c911c6542dcbc9600f9e1430f3fd78e6a8db09b5bf59
aarch64 webkit2gtk3-jsc-devel-2.38.5-1.el9.aarch64.rpm bceeb518ce48ee843040bf7ce17a23a53400cf61463c78908162529219342be8
aarch64 webkit2gtk3-jsc-2.38.5-1.el9.aarch64.rpm beede98fb4d391e0272434afa3847095bccf40ff4b1b90951c5bfba281e464bd
i686 webkit2gtk3-jsc-2.38.5-1.el9.i686.rpm 0680b7a6554030af93da81bed788d191463016f9869101419e2fc0e3b662e9ec
i686 webkit2gtk3-2.38.5-1.el9.i686.rpm 496f3a74cecdc62746b35ccd39b53377d258efe2d867685540d1bcd0e8e8c740
i686 webkit2gtk3-devel-2.38.5-1.el9.i686.rpm 693e6f8baba26d7b7bc89a05ade8a420704ac76337de05f840d5b1c95e2414fa
i686 webkit2gtk3-jsc-devel-2.38.5-1.el9.i686.rpm af709a921a1e40daba005c41fa7c08e14c4f868d580895a7e496e06d669b4423
ppc64le webkit2gtk3-2.38.5-1.el9.ppc64le.rpm 2ce4ebfabb57f131530ebae105a85b684af884f10b8bbde7b79a894d4c2064de
ppc64le webkit2gtk3-jsc-2.38.5-1.el9.ppc64le.rpm 40b9fee4b5714b659f6c41bbc08ef97b3f1ce8d6ada2dcf29e0000f12ae85543
ppc64le webkit2gtk3-devel-2.38.5-1.el9.ppc64le.rpm 4163e9fb60ce18f48fbfba8be7583e11b1b9cb51a4cee1615a3f553d0a43fc04
ppc64le webkit2gtk3-jsc-devel-2.38.5-1.el9.ppc64le.rpm dcfadc63787a74bb2d97bd422eb55b69d77e5ced8add3dc2f1ee35a579f391ac
s390x webkit2gtk3-jsc-2.38.5-1.el9.s390x.rpm 3bded3ff59ddcdc5da21913a9f28563559b631d2cc2d08cc136a0fdb268fdf99
s390x webkit2gtk3-devel-2.38.5-1.el9.s390x.rpm b3bcd8abe8d0f61bd1a2b8ced2a20565ea853bf4b8cd13b9a7fea74e47a1c425
s390x webkit2gtk3-jsc-devel-2.38.5-1.el9.s390x.rpm df7cbc5551053afe01c48ba8f2eb99ac0603f41413b702fa5ed617ecb4065e68
s390x webkit2gtk3-2.38.5-1.el9.s390x.rpm f5d21a68dcd606a335fb8ad2ce7237ba22e6fbb5c01fcb30f28c89546559bf21
x86_64 webkit2gtk3-devel-2.38.5-1.el9.x86_64.rpm 4c331bba73d58cb95cc5f670d2d36b0dca2ca7e8c4c7a77823eeeceb2193aa61
x86_64 webkit2gtk3-jsc-devel-2.38.5-1.el9.x86_64.rpm 553ab6f48a7d4b5f6b814e9a9f53d6136827555d7520479e06883e3bcc121a9f
x86_64 webkit2gtk3-jsc-2.38.5-1.el9.x86_64.rpm 7f349ef90abebcaf46cdc7177e997729db04d04e64fe9d0d48ef523148f5914f
x86_64 webkit2gtk3-2.38.5-1.el9.x86_64.rpm c5bad7e05cb2dcdd472d22efe5b6ea913de383cfa23587eeda9431b65845c1b5
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.