Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:1777
HistoryMay 10, 2022 - 6:24 a.m.

(RHSA-2022:1777) Moderate: webkit2gtk3 security, bug fix, and enhancement update

2022-05-1006:24:27
access.redhat.com
45

0.007 Low

EPSS

Percentile

80.6%

JSON

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6). (BZ#1985042)

Security Fix(es):

  • webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free (CVE-2022-22620)

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30809)

  • webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-30818)

  • webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)

  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30846)

  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30848)

  • webkitgtk: Multiple memory corruption issue leading to arbitrary code execution (CVE-2021-30849)

  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30851)

  • webkitgtk: Logic issue leading to Content Security Policy bypass (CVE-2021-30887)

  • webkitgtk: Information leak via Content Security Policy reports (CVE-2021-30888)

  • webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30889)

  • webkitgtk: Logic issue leading to universal cross-site scripting (CVE-2021-30890)

  • webkitgtk: Cross-origin data exfiltration via resource timing API (CVE-2021-30897)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30934)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30936)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30951)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30952)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30953)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30954)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30984)

  • webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)

  • webkitgtk: use-after-free in WebCore::ContainerNode::firstChild (CVE-2021-45482)

  • webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)

  • webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript (CVE-2022-22589)

  • webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22590)

  • webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2022-22592)

  • webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2022-22594)

  • webkitgtk: logic issue was addressed with improved state management (CVE-2022-22637)

  • webkitgtk: Out-of-bounds read leading to memory disclosure (CVE-2021-30836)

  • webkitgtk: CSS compositing issue leading to revealing of the browsing history (CVE-2021-30884)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8s390xwebkit2gtk3-jsc-debuginfo< 2.34.6-1.el8webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm
RedHat8ppc64lewebkit2gtk3-devel< 2.34.6-1.el8webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm
RedHat8ppc64lewebkit2gtk3-jsc-devel-debuginfo< 2.34.6-1.el8webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
RedHat8s390xwebkit2gtk3-jsc-devel-debuginfo< 2.34.6-1.el8webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
RedHat8ppc64lewebkit2gtk3-debuginfo< 2.34.6-1.el8webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm
RedHat8aarch64webkit2gtk3-jsc< 2.34.6-1.el8webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm
RedHat8i686webkit2gtk3-jsc< 2.34.6-1.el8webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm
RedHat8s390xwebkit2gtk3< 2.34.6-1.el8webkit2gtk3-2.34.6-1.el8.s390x.rpm
RedHat8s390xwebkit2gtk3-debugsource< 2.34.6-1.el8webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm
RedHat8s390xwebkit2gtk3-devel< 2.34.6-1.el8webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm
Rows per page:
1-10 of 451

Related

nessus 30
osv 16
oraclelinux 1
almalinux 1
rocky 1
suse 5
openvas 42
fedora 6
debian 8
mageia 4
ubuntu 4
apple 9
gentoo 1
cvelist 9
alpinelinux 11
cve 6
ubuntucve 7
prion 11
debiancve 10
thn 2
threatpost 1
archlinux 2
veracode 5
redhatcve 7
nessus
nessus
Rocky Linux 8 : webkit2gtk3 (RLSA-2022:1777)
2022-05-18 00:00:00
CentOS 8 : webkit2gtk3 (CESA-2022:1777)
2022-05-10 00:00:00
RHEL 8 : webkit2gtk3 (RHSA-2022:1777)
2022-05-11 00:00:00
osv
osv
Moderate: webkit2gtk3 security, bug fix, and enhancement update
2022-05-10 06:24:27
Moderate: webkit2gtk3 security, bug fix, and enhancement update
2022-05-10 06:24:27
webkit2gtk - security update
2021-10-29 00:00:00
oraclelinux
oraclelinux
webkit2gtk3 security, bug fix, and enhancement update
2022-05-17 00:00:00
almalinux
almalinux
Moderate: webkit2gtk3 security, bug fix, and enhancement update
2022-05-10 06:24:27
rocky
rocky
webkit2gtk3 security, bug fix, and enhancement update
2022-05-10 06:24:27
suse
suse
Security update for webkit2gtk3 (important)
2022-03-04 00:00:00
Security update for webkit2gtk3 (important)
2021-12-02 00:00:00
Security update for webkit2gtk3 (important)
2021-12-10 00:00:00
openvas
openvas
openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2022:0705-1)
2022-03-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0705-1)
2022-03-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0703-1)
2022-03-04 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: webkit2gtk3-2.34.4-2.fc35
2022-01-23 01:45:32
[SECURITY] Fedora 34 Update: webkit2gtk3-2.34.4-1.fc34
2022-02-06 02:02:28
[SECURITY] Fedora 35 Update: webkit2gtk3-2.34.5-1.fc35
2022-02-12 01:20:43
debian
debian
[SECURITY] [DSA 5060-1] webkit2gtk security update
2022-01-25 19:58:00
[SECURITY] [DSA 5061-1] wpewebkit security update
2022-01-25 19:59:46
[SECURITY] [DSA 5084-1] wpewebkit security update
2022-02-19 19:47:24
mageia
mageia
Updated webkit2 packages fix security vulnerability
2022-01-25 15:13:11
Updated webkit2 packages fix security vulnerability
2022-02-12 20:31:35
Updated webkit2 packages fix security vulnerability
2021-10-29 22:32:22
ubuntu
ubuntu
WebKitGTK vulnerabilities
2022-01-27 00:00:00
WebKitGTK vulnerabilities
2022-02-28 00:00:00
WebKitGTK vulnerabilities
2022-01-06 00:00:00
apple
apple
About the security content of Safari 15.2
2021-12-14 00:00:00
About the security content of Safari 15
2021-09-20 00:00:00
About the security content of Safari 15.3
2022-01-26 00:00:00
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2022-02-01 00:00:00
cvelist
cvelist
CVE-2021-45482
2021-12-25 00:04:08
CVE-2021-45483
2021-12-25 00:03:55
CVE-2021-45481
2021-12-25 00:04:23
alpinelinux
alpinelinux
CVE-2021-45482
2021-12-25 01:15:00
CVE-2021-45481
2021-12-25 01:15:00
CVE-2021-45483
2021-12-25 01:15:00
cve
cve
CVE-2021-45483
2021-12-25 01:15:00
CVE-2021-45481
2021-12-25 01:15:00
CVE-2021-45482
2021-12-25 01:15:00
ubuntucve
ubuntucve
CVE-2021-45483
2021-12-25 00:00:00
CVE-2021-45481
2021-12-25 00:00:00
CVE-2021-45482
2021-12-25 00:00:00
prion
prion
Design/Logic Flaw
2021-12-25 01:15:00
Design/Logic Flaw
2021-12-25 01:15:00
Design/Logic Flaw
2021-12-25 01:15:00
debiancve
debiancve
CVE-2021-45482
2021-12-25 01:15:00
CVE-2021-45483
2021-12-25 01:15:00
CVE-2021-45481
2021-12-25 01:15:00
thn
thn
Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw
2022-02-11 03:30:00
Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones
2021-12-14 06:10:00
threatpost
threatpost
Apple Patches Actively Exploited WebKit Zero Day
2022-02-11 13:45:45
archlinux
archlinux
[ASA-202110-9] webkit2gtk: multiple issues
2021-10-29 00:00:00
[ASA-202110-10] wpewebkit: multiple issues
2021-10-29 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-02-21 06:21:21
Information Disclosure
2021-12-23 18:32:14
Use After Free
2022-02-05 14:28:17
redhatcve
redhatcve
CVE-2021-45483
2022-01-13 14:15:23
CVE-2021-30889
2021-12-20 20:02:07
CVE-2021-30897
2022-01-10 14:25:42

0.007 Low

EPSS

Percentile

80.6%

JSON
Related for RHSA-2022:1777
nessus30osv16oraclelinux1almalinux1rocky1suse5openvas42fedora6debian8mageia4ubuntu4apple9gentoo1cvelist9alpinelinux11cve6ubuntucve7prion11debiancve10thn2threatpost1archlinux2veracode5redhatcve7