[ASA-202207-4] webkit2gtk-4.1: multiple issues

2022-07-29 00:00:00
security.archlinux.org
CVSS3 : 8.8 High

Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : REQUIRED
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Arch Linux Security Advisory ASA-202207-4

Severity: Critical
Date : 2022-07-29
CVE-ID : CVE-2022-32792 CVE-2022-32816
Package : webkit2gtk-4.1
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2791

Summary

The package webkit2gtk-4.1 before version 2.36.5-1 is vulnerable to
multiple issues including arbitrary code execution and content
spoofing.

Resolution

Upgrade to 2.36.5-1.

pacman -Syu "webkit2gtk-4.1>=2.36.5-1"

The problems have been fixed upstream in version 2.36.5.

Workaround

None.

Description

  • CVE-2022-32792 (arbitrary code execution)

Processing maliciously crafted web content may lead to arbitrary code
execution.

  • CVE-2022-32816 (content spoofing)

Visiting a website that frames malicious content may lead to UI
spoofing.

Impact

An attacker is able to remotely execute arbitrary code on an affected
host and spoof a website’s content by using maliciously crafted web
content.

References

https://webkitgtk.org/security/WSA-2022-0007.html
https://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32792
https://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32816
https://security.archlinux.org/CVE-2022-32792
https://security.archlinux.org/CVE-2022-32816

OS         OS Version  Architecture  Package         Package Version  Filename
ArchLinux  any         any           webkit2gtk-4.1  < 2.36.5-1       UNKNOWN
