Security Vulnerabilities fixed in webkit2gtk3 RHSA-2022:1777

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6). (BZ#1985042)

Security Fix(es):

* webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free (CVE-2022-22620)
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30809)
* webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-30818)
* webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)
* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30846)
* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30848)
* webkitgtk: Multiple memory corruption issue leading to arbitrary code execution (CVE-2021-30849)
* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30851)
* webkitgtk: Logic issue leading to Content Security Policy bypass (CVE-2021-30887)
* webkitgtk: Information leak via Content Security Policy reports (CVE-2021-30888)
* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30889)
* webkitgtk: Logic issue leading to universal cross-site scripting (CVE-2021-30890)
* webkitgtk: Cross-origin data exfiltration via resource timing API (CVE-2021-30897)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30934)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30936)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30951)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30952)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30953)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30954)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30984)
* webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)
* webkitgtk: use-after-free in WebCore::ContainerNode::firstChild (CVE-2021-45482)
* webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)
* webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript (CVE-2022-22589)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22590)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2022-22592)
* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2022-22594)
* webkitgtk: logic issue was addressed with improved state management (CVE-2022-22637)
* webkitgtk: Out-of-bounds read leading to memory disclosure (CVE-2021-30836)
* webkitgtk: CSS compositing issue leading to revealing of the browsing history (CVE-2021-30884)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Applications

webkit2gtk3