8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
80.1%
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6). (BZ#1985042)
Security Fix(es):
webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free (CVE-2022-22620)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30809)
webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-30818)
webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30846)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30848)
webkitgtk: Multiple memory corruption issue leading to arbitrary code execution (CVE-2021-30849)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30851)
webkitgtk: Logic issue leading to Content Security Policy bypass (CVE-2021-30887)
webkitgtk: Information leak via Content Security Policy reports (CVE-2021-30888)
webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30889)
webkitgtk: Logic issue leading to universal cross-site scripting (CVE-2021-30890)
webkitgtk: Cross-origin data exfiltration via resource timing API (CVE-2021-30897)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30934)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30936)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30951)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30952)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30953)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30954)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30984)
webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)
webkitgtk: use-after-free in WebCore::ContainerNode::firstChild (CVE-2021-45482)
webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)
webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript (CVE-2022-22589)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22590)
webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2022-22592)
webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2022-22594)
webkitgtk: logic issue was addressed with improved state management (CVE-2022-22637)
webkitgtk: Out-of-bounds read leading to memory disclosure (CVE-2021-30836)
webkitgtk: CSS compositing issue leading to revealing of the browsing history (CVE-2021-30884)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
errata.almalinux.org/8/ALSA-2022-1777.html
vulners.com/cve/CVE-2021-30809
vulners.com/cve/CVE-2021-30818
vulners.com/cve/CVE-2021-30823
vulners.com/cve/CVE-2021-30836
vulners.com/cve/CVE-2021-30846
vulners.com/cve/CVE-2021-30848
vulners.com/cve/CVE-2021-30849
vulners.com/cve/CVE-2021-30851
vulners.com/cve/CVE-2021-30884
vulners.com/cve/CVE-2021-30887
vulners.com/cve/CVE-2021-30888
vulners.com/cve/CVE-2021-30889
vulners.com/cve/CVE-2021-30890
vulners.com/cve/CVE-2021-30897
vulners.com/cve/CVE-2021-30934
vulners.com/cve/CVE-2021-30936
vulners.com/cve/CVE-2021-30951
vulners.com/cve/CVE-2021-30952
vulners.com/cve/CVE-2021-30953
vulners.com/cve/CVE-2021-30954
vulners.com/cve/CVE-2021-30984
vulners.com/cve/CVE-2021-45481
vulners.com/cve/CVE-2021-45482
vulners.com/cve/CVE-2021-45483
vulners.com/cve/CVE-2022-22589
vulners.com/cve/CVE-2022-22590
vulners.com/cve/CVE-2022-22592
vulners.com/cve/CVE-2022-22594
vulners.com/cve/CVE-2022-22620
vulners.com/cve/CVE-2022-22637
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
80.1%