Lucene search

K
rockyRockylinux Product ErrataRLSA-2022:8054
HistoryNov 15, 2022 - 6:14 a.m.

webkit2gtk3 security and bug fix update

2022-11-1506:14:22
Rockylinux Product Errata
errata.rockylinux.org
43
webkitgtk
security fix
bug fix
cve-2022-22624
cve-2022-22628
cve-2022-22629
cve-2022-22662
cve-2022-26700
cve-2022-26709
cve-2022-26710
cve-2022-26716
cve-2022-26717
cve-2022-26719
cve-2022-30293
cvss score
memory corruption issue
buffer overflow
cookie management issue
use-after-free

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

77.2%

An update is available for webkit2gtk3.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)

  • webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)

  • webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)

  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)

  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)

  • webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)

  • webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)

  • webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

77.2%