[ASA-202207-1] webkit2gtk-5.0: multiple issues

EPSS: 0.003 (percentile: 70.5%)

Arch Linux Security Advisory ASA-202207-1

Severity: Critical
Date : 2022-07-29
CVE-ID : CVE-2022-32792 CVE-2022-32816
Package : webkit2gtk-5.0
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2792

Summary

The package webkit2gtk-5.0 before version 2.36.5-1 is vulnerable to
multiple issues including arbitrary code execution and content
spoofing.

Resolution

Upgrade to 2.36.5-1.

pacman -Syu "webkit2gtk-5.0>=2.36.5-1"

The problems have been fixed upstream in version 2.36.5.

Workaround

None.

Description

  • CVE-2022-32792 (arbitrary code execution)

Processing maliciously crafted web content may lead to arbitrary code
execution.

  • CVE-2022-32816 (content spoofing)

Visiting a website that frames malicious content may lead to UI
spoofing.

Impact

An attacker is able to remotely execute arbitrary code on an affected
host and spoof a website's content by using maliciously crafted web
content.

References

https://webkitgtk.org/security/WSA-2022-0007.html
https://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32792
https://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32816
https://security.archlinux.org/CVE-2022-32792
https://security.archlinux.org/CVE-2022-32816

OS         Version  Architecture  Package         Version     Filename
ArchLinux  any      any           webkit2gtk-5.0  < 2.36.5-1  UNKNOWN