CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 9 High
Confidence: High

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.005 Low
Percentile: 76.3%

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)
webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)
webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)
webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
bugzilla.redhat.com/show_bug.cgi?id=2061996
bugzilla.redhat.com/show_bug.cgi?id=2073893
bugzilla.redhat.com/show_bug.cgi?id=2073896
bugzilla.redhat.com/show_bug.cgi?id=2073899
bugzilla.redhat.com/show_bug.cgi?id=2082548
bugzilla.redhat.com/show_bug.cgi?id=2092732
bugzilla.redhat.com/show_bug.cgi?id=2092733
bugzilla.redhat.com/show_bug.cgi?id=2092734
bugzilla.redhat.com/show_bug.cgi?id=2092735
bugzilla.redhat.com/show_bug.cgi?id=2092736
bugzilla.redhat.com/show_bug.cgi?id=2104787
bugzilla.redhat.com/show_bug.cgi?id=2104789
errata.rockylinux.org/RLSA-2022:8054