[ALSA-2023:6535] Important: webkit2gtk3 security and bug fix update
Type: security
Severity: important
Release date: 2023-11-14
Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: arbitrary code execution (CVE-2023-32393)
* webkitgtk: bypass Same Origin Policy (CVE-2023-38572)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-38592)
* webkitgtk: arbitrary code execution (CVE-2023-38594)
* webkitgtk: arbitrary code execution (CVE-2023-38595)
* webkitgtk: arbitrary code execution (CVE-2023-38597)
* webkitgtk: arbitrary code execution (CVE-2023-38600)
* webkitgtk: arbitrary code execution (CVE-2023-38611)
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: Same Origin Policy bypass via crafted web content (CVE-2023-27932)
* webkitgtk: Website may be able to track sensitive user information (CVE-2023-27954)
* webkitgtk: use after free vulnerability (CVE-2023-28198)
* webkitgtk: content security policy blacklist failure (CVE-2023-32370)
* webkitgtk: disclose sensitive information (CVE-2023-38133)
* webkitgtk: track sensitive user information (CVE-2023-38599)
* webkitgtk: processing web content may lead to arbitrary code execution (CVE-2023-39434)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code (CVE-2023-40451)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 webkit2gtk3-jsc-devel-2.40.5-1.el9.aarch64.rpm 3ae5f69219e910f36353549fde73894bdfa17f2df793bbf6ab3a96b0b561fab4
aarch64 webkit2gtk3-jsc-2.40.5-1.el9.aarch64.rpm 907fa896d4ba66a7f84758f69b89c6c6e01f20086ed88ac3ba1e791c2305101b
aarch64 webkit2gtk3-2.40.5-1.el9.aarch64.rpm 948d05f0ccf9f4f0f3b669076f6cf88d956a2ab89f0795e6abd3a510058397f4
aarch64 webkit2gtk3-devel-2.40.5-1.el9.aarch64.rpm d13804e638e3a1f64c7859322ed159ea0743ec9c384c83557303ec0ec54a0723
i686 webkit2gtk3-devel-2.40.5-1.el9.i686.rpm 293d45917e56deefd017af027d13c3252cc3d6c696a8b91a4152bce475f9fab0
i686 webkit2gtk3-jsc-devel-2.40.5-1.el9.i686.rpm 51032c09431612ccfea20bd37554f8e18c10441ef710db0468ebcf502b8cef57
i686 webkit2gtk3-jsc-2.40.5-1.el9.i686.rpm 627c28b9f28d6d42cf44e9438eb9d2fbaab1e1980abcf131dddf28c2c9877a5e
i686 webkit2gtk3-2.40.5-1.el9.i686.rpm de451125099577a69700194cf0e57967912e487d533ad3d2272bf613dfaa1120
ppc64le webkit2gtk3-jsc-2.40.5-1.el9.ppc64le.rpm 2826431fc3162cf52016cfbba7d35baab42cad08bf139437ad371317778f7bc4
ppc64le webkit2gtk3-jsc-devel-2.40.5-1.el9.ppc64le.rpm 928e3f781623f229891581f7b52f164b8f7e09db5cd9d22ce1de0a87b0340712
ppc64le webkit2gtk3-2.40.5-1.el9.ppc64le.rpm d2903693f7dc7f9aecd6cde3f3e2e836a0fe18c5adf78bd1fe37fa9d4e212adf
ppc64le webkit2gtk3-devel-2.40.5-1.el9.ppc64le.rpm e9846c4f18cc99ecf56cbf57fbe9d612a84dab808de62ce4c4baa7779bf1ff65
s390x webkit2gtk3-2.40.5-1.el9.s390x.rpm 1b70f5839e08f24b845be8fb9b7ff2f2cb6fc9d5208c7d73a7cb14650afdfb1a
s390x webkit2gtk3-jsc-devel-2.40.5-1.el9.s390x.rpm 2d32bc1890d6aec38f624c3869fd21a6bde56b67e42e1b13d300d2c20e98a2d7
s390x webkit2gtk3-jsc-2.40.5-1.el9.s390x.rpm 521ff6577e922c0aaf4bedd460ac5dbb1573f657e5e313a07ad8b839ceb95aca
s390x webkit2gtk3-devel-2.40.5-1.el9.s390x.rpm 9d74bd036ece28e982f2a5874ca4e3449529e3d3d45bd83d0dca04f9e2eb173a
x86_64 webkit2gtk3-jsc-2.40.5-1.el9.x86_64.rpm 159f981e44a20737585890c87fad4ed17a70e90a7f8726ea2b71673c739fb7ef
x86_64 webkit2gtk3-jsc-devel-2.40.5-1.el9.x86_64.rpm 3cdadeb8c28f3a24228e80125165124402ca1544e262d97b2036f46e21c61130
x86_64 webkit2gtk3-2.40.5-1.el9.x86_64.rpm 73c1d2c49c1775861a5423962ef82a6bebb2c2cacd3710e184e8f083d35abc52
x86_64 webkit2gtk3-devel-2.40.5-1.el9.x86_64.rpm d446304384ab43cd8694054d5921d77a4f6e4b64ce896b8c97eaeb004939bbfd
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.