Lucene search

K
almalinuxAlmaLinuxALSA-2022:8054
HistoryNov 15, 2022 - 12:00 a.m.

Moderate: webkit2gtk3 security and bug fix update

2022-11-1500:00:00
errata.almalinux.org
59
webkitgtk
buffer overflow
cookie management
memory corruption
code execution
cve-2022-22624
cve-2022-22628
cve-2022-22629
cve-2022-22662
cve-2022-26700
cve-2022-26709
cve-2022-26710
cve-2022-26716
cve-2022-26717
cve-2022-26719
cve-2022-30293
web rendering engine
gtk
almalinux
release notes.

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

86.1%

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)
  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)
  • webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)
  • webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)
  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)
  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)
  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)
  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)
  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)
  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)
  • webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

86.1%