Oval Definition: oval:com.redhat.rhsa:def:20221777
Revision Date: 2022-05-10
Version: 639
Title: RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate)
Description: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

  • The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6). (BZ#1985042)

    Security Fix(es):

  • webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free (CVE-2022-22620)

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30809)

  • webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-30818)

  • webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)

  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30846)

  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30848)

  • webkitgtk: Multiple memory corruption issues leading to arbitrary code execution (CVE-2021-30849)

  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30851)

  • webkitgtk: Logic issue leading to Content Security Policy bypass (CVE-2021-30887)

  • webkitgtk: Information leak via Content Security Policy reports (CVE-2021-30888)

  • webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30889)

  • webkitgtk: Logic issue leading to universal cross-site scripting (CVE-2021-30890)

  • webkitgtk: Cross-origin data exfiltration via resource timing API (CVE-2021-30897)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30934)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30936)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30951)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30952)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30953)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30954)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30984)

  • webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)

  • webkitgtk: use-after-free in WebCore::ContainerNode::firstChild (CVE-2021-45482)

  • webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)

  • webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript (CVE-2022-22589)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22590)

  • webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2022-22592)

  • webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2022-22594)

  • webkitgtk: logic issue was addressed with improved state management (CVE-2022-22637)

  • webkitgtk: Out-of-bounds read leading to memory disclosure (CVE-2021-30836)

  • webkitgtk: CSS compositing issue leading to revealing of the browsing history (CVE-2021-30884)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
    Family: unix
    Class: patch
    Status:
    Reference(s):
    CVE-2021-30809
    CVE-2021-30818
    CVE-2021-30823
    CVE-2021-30836
    CVE-2021-30846
    CVE-2021-30848
    CVE-2021-30849
    CVE-2021-30851
    CVE-2021-30884
    CVE-2021-30887
    CVE-2021-30888
    CVE-2021-30889
    CVE-2021-30890
    CVE-2021-30897
    CVE-2021-30934
    CVE-2021-30936
    CVE-2021-30951
    CVE-2021-30952
    CVE-2021-30953
    CVE-2021-30954
    CVE-2021-30984
    CVE-2021-45481
    CVE-2021-45482
    CVE-2021-45483
    CVE-2022-22589
    CVE-2022-22590
    CVE-2022-22592
    CVE-2022-22594
    CVE-2022-22620
    CVE-2022-22637
    RHSA-2022:1777
    Platform(s): Red Hat Enterprise Linux 8
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
      • Red Hat Enterprise Linux 8 is installed
      • OR Red Hat CoreOS 4 is installed
      • AND
          • webkit2gtk3 is earlier than 0:2.34.6-1.el8
            AND webkit2gtk3 is signed with Red Hat redhatrelease2 key
          • webkit2gtk3-devel is earlier than 0:2.34.6-1.el8
            AND webkit2gtk3-devel is signed with Red Hat redhatrelease2 key
          • webkit2gtk3-jsc is earlier than 0:2.34.6-1.el8
            AND webkit2gtk3-jsc is signed with Red Hat redhatrelease2 key
          • webkit2gtk3-jsc-devel is earlier than 0:2.34.6-1.el8
            AND webkit2gtk3-jsc-devel is signed with Red Hat redhatrelease2 key