logo
DATABASE RESOURCES PRICING ABOUT US

[ASA-202207-4] webkit2gtk-4.1: multiple issues

Description

Arch Linux Security Advisory ASA-202207-4 ========================================= Severity: Critical Date : 2022-07-29 CVE-ID : CVE-2022-32792 CVE-2022-32816 Package : webkit2gtk-4.1 Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2791 Summary ======= The package webkit2gtk-4.1 before version 2.36.5-1 is vulnerable to multiple issues including arbitrary code execution and content spoofing. Resolution ========== Upgrade to 2.36.5-1. # pacman -Syu "webkit2gtk-4.1>=2.36.5-1" The problems have been fixed upstream in version 2.36.5. Workaround ========== None. Description =========== - CVE-2022-32792 (arbitrary code execution) Processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816 (content spoofing) Visiting a website that frames malicious content may lead to UI spoofing. Impact ====== An attacker is able to remotely execute arbitrary code on an affected host and spoof a website's content by using maliciously crafted web content. References ========== https://webkitgtk.org/security/WSA-2022-0007.html https://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32792 https://webkitgtk.org/security/WSA-2022-0007.html#CVE-2022-32816 https://security.archlinux.org/CVE-2022-32792 https://security.archlinux.org/CVE-2022-32816


Affected Package


OS OS Version Package Name Package Version
ArchLinux any webkit2gtk-4.1 2.36.5-1

Related