ALSA-2023:2256

[ALSA-2023:2256] Important: webkit2gtk3 security and bug fix update

Type:

security

Severity:

important

Release date:

2023-05-12

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518)
* webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886)
* webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888)
* webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923)
* webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)
* webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823)
* webkitgtk: sensitive information disclosure issue (CVE-2022-42824)
* webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863)
* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691)
* webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)
* webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699)
* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)
* webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	webkit2gtk3-devel-2.38.5-1.el9.aarch64.rpm	10c5d928968ac279c0fbf4e4743464a2da9afb383eac933c95da0d0f407296f7
aarch64	webkit2gtk3-2.38.5-1.el9.aarch64.rpm	b70d472e25d77f7e40c3c911c6542dcbc9600f9e1430f3fd78e6a8db09b5bf59
aarch64	webkit2gtk3-jsc-devel-2.38.5-1.el9.aarch64.rpm	bceeb518ce48ee843040bf7ce17a23a53400cf61463c78908162529219342be8
aarch64	webkit2gtk3-jsc-2.38.5-1.el9.aarch64.rpm	beede98fb4d391e0272434afa3847095bccf40ff4b1b90951c5bfba281e464bd
i686	webkit2gtk3-jsc-2.38.5-1.el9.i686.rpm	0680b7a6554030af93da81bed788d191463016f9869101419e2fc0e3b662e9ec
i686	webkit2gtk3-2.38.5-1.el9.i686.rpm	496f3a74cecdc62746b35ccd39b53377d258efe2d867685540d1bcd0e8e8c740
i686	webkit2gtk3-devel-2.38.5-1.el9.i686.rpm	693e6f8baba26d7b7bc89a05ade8a420704ac76337de05f840d5b1c95e2414fa
i686	webkit2gtk3-jsc-devel-2.38.5-1.el9.i686.rpm	af709a921a1e40daba005c41fa7c08e14c4f868d580895a7e496e06d669b4423
ppc64le	webkit2gtk3-2.38.5-1.el9.ppc64le.rpm	2ce4ebfabb57f131530ebae105a85b684af884f10b8bbde7b79a894d4c2064de
ppc64le	webkit2gtk3-jsc-2.38.5-1.el9.ppc64le.rpm	40b9fee4b5714b659f6c41bbc08ef97b3f1ce8d6ada2dcf29e0000f12ae85543
ppc64le	webkit2gtk3-devel-2.38.5-1.el9.ppc64le.rpm	4163e9fb60ce18f48fbfba8be7583e11b1b9cb51a4cee1615a3f553d0a43fc04
ppc64le	webkit2gtk3-jsc-devel-2.38.5-1.el9.ppc64le.rpm	dcfadc63787a74bb2d97bd422eb55b69d77e5ced8add3dc2f1ee35a579f391ac
s390x	webkit2gtk3-jsc-2.38.5-1.el9.s390x.rpm	3bded3ff59ddcdc5da21913a9f28563559b631d2cc2d08cc136a0fdb268fdf99
s390x	webkit2gtk3-devel-2.38.5-1.el9.s390x.rpm	b3bcd8abe8d0f61bd1a2b8ced2a20565ea853bf4b8cd13b9a7fea74e47a1c425
s390x	webkit2gtk3-jsc-devel-2.38.5-1.el9.s390x.rpm	df7cbc5551053afe01c48ba8f2eb99ac0603f41413b702fa5ed617ecb4065e68
s390x	webkit2gtk3-2.38.5-1.el9.s390x.rpm	f5d21a68dcd606a335fb8ad2ce7237ba22e6fbb5c01fcb30f28c89546559bf21
x86_64	webkit2gtk3-devel-2.38.5-1.el9.x86_64.rpm	4c331bba73d58cb95cc5f670d2d36b0dca2ca7e8c4c7a77823eeeceb2193aa61
x86_64	webkit2gtk3-jsc-devel-2.38.5-1.el9.x86_64.rpm	553ab6f48a7d4b5f6b814e9a9f53d6136827555d7520479e06883e3bcc121a9f
x86_64	webkit2gtk3-jsc-2.38.5-1.el9.x86_64.rpm	7f349ef90abebcaf46cdc7177e997729db04d04e64fe9d0d48ef523148f5914f
x86_64	webkit2gtk3-2.38.5-1.el9.x86_64.rpm	c5bad7e05cb2dcdd472d22efe5b6ea913de383cfa23587eeda9431b65845c1b5

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.