Gentoo: GLSA-202208-39: WebKitGTK+: Multiple Vulnerabilities | Linu...

Advisories

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202208-39
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: WebKitGTK+: Multiple Vulnerabilities
     Date: August 31, 2022
     Bugs: #866494, #864427, #856445, #861740, #837305, #845252, #839984, #833568, #832990
       ID: 202208-39

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.

Background
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk        < 2.36.7                    >= 2.36.7

Description
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.36.7"

References
==========

[ 1 ] CVE-2022-2294
      https://nvd.nist.gov/vuln/detail/CVE-2022-2294
[ 2 ] CVE-2022-22589
      https://nvd.nist.gov/vuln/detail/CVE-2022-22589
[ 3 ] CVE-2022-22590
      https://nvd.nist.gov/vuln/detail/CVE-2022-22590
[ 4 ] CVE-2022-22592
      https://nvd.nist.gov/vuln/detail/CVE-2022-22592
[ 5 ] CVE-2022-22620
      https://nvd.nist.gov/vuln/detail/CVE-2022-22620
[ 6 ] CVE-2022-22624
      https://nvd.nist.gov/vuln/detail/CVE-2022-22624
[ 7 ] CVE-2022-22628
      https://nvd.nist.gov/vuln/detail/CVE-2022-22628
[ 8 ] CVE-2022-22629
      https://nvd.nist.gov/vuln/detail/CVE-2022-22629
[ 9 ] CVE-2022-22662
      https://nvd.nist.gov/vuln/detail/CVE-2022-22662
[ 10 ] CVE-2022-22677
      https://nvd.nist.gov/vuln/detail/CVE-2022-22677
[ 11 ] CVE-2022-26700
      https://nvd.nist.gov/vuln/detail/CVE-2022-26700
[ 12 ] CVE-2022-26709
      https://nvd.nist.gov/vuln/detail/CVE-2022-26709
[ 13 ] CVE-2022-26710
      https://nvd.nist.gov/vuln/detail/CVE-2022-26710
[ 14 ] CVE-2022-26716
      https://nvd.nist.gov/vuln/detail/CVE-2022-26716
[ 15 ] CVE-2022-26717
      https://nvd.nist.gov/vuln/detail/CVE-2022-26717
[ 16 ] CVE-2022-26719
      https://nvd.nist.gov/vuln/detail/CVE-2022-26719
[ 17 ] CVE-2022-30293
      https://nvd.nist.gov/vuln/detail/CVE-2022-30293
[ 18 ] CVE-2022-30294
      https://nvd.nist.gov/vuln/detail/CVE-2022-30294
[ 19 ] CVE-2022-32784
      https://nvd.nist.gov/vuln/detail/CVE-2022-32784
[ 20 ] CVE-2022-32792
      https://nvd.nist.gov/vuln/detail/CVE-2022-32792
[ 21 ] CVE-2022-32893
      https://nvd.nist.gov/vuln/detail/CVE-2022-32893
[ 22 ] WSA-2022-0002
      https://webkitgtk.org/security/WSA-2022-0002.html
[ 23 ] WSA-2022-0003
      https://webkitgtk.org/security/WSA-2022-0003.html
[ 24 ] WSA-2022-0007
      https://webkitgtk.org/security/WSA-2022-0007.html
[ 25 ] WSA-2022-0008
      https://webkitgtk.org/security/WSA-2022-0008.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-39

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo: GLSA-202208-39: WebKitGTK+: Multiple Vulnerabilities

Summary

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.

Resolution

All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.36.7"

References

[ 1 ] CVE-2022-2294 https://nvd.nist.gov/vuln/detail/CVE-2022-2294 [ 2 ] CVE-2022-22589 https://nvd.nist.gov/vuln/detail/CVE-2022-22589 [ 3 ] CVE-2022-22590 https://nvd.nist.gov/vuln/detail/CVE-2022-22590 [ 4 ] CVE-2022-22592 https://nvd.nist.gov/vuln/detail/CVE-2022-22592 [ 5 ] CVE-2022-22620 https://nvd.nist.gov/vuln/detail/CVE-2022-22620 [ 6 ] CVE-2022-22624 https://nvd.nist.gov/vuln/detail/CVE-2022-22624 [ 7 ] CVE-2022-22628 https://nvd.nist.gov/vuln/detail/CVE-2022-22628 [ 8 ] CVE-2022-22629 https://nvd.nist.gov/vuln/detail/CVE-2022-22629 [ 9 ] CVE-2022-22662 https://nvd.nist.gov/vuln/detail/CVE-2022-22662 [ 10 ] CVE-2022-22677 https://nvd.nist.gov/vuln/detail/CVE-2022-22677 [ 11 ] CVE-2022-26700 https://nvd.nist.gov/vuln/detail/CVE-2022-26700 [ 12 ] CVE-2022-26709 https://nvd.nist.gov/vuln/detail/CVE-2022-26709 [ 13 ] CVE-2022-26710 https://nvd.nist.gov/vuln/detail/CVE-2022-26710 [ 14 ] CVE-2022-26716 https://nvd.nist.gov/vuln/detail/CVE-2022-26716 [ 15 ] CVE-2022-26717 https://nvd.nist.gov/vuln/detail/CVE-2022-26717 [ 16 ] CVE-2022-26719 https://nvd.nist.gov/vuln/detail/CVE-2022-26719 [ 17 ] CVE-2022-30293 https://nvd.nist.gov/vuln/detail/CVE-2022-30293 [ 18 ] CVE-2022-30294 https://nvd.nist.gov/vuln/detail/CVE-2022-30294 [ 19 ] CVE-2022-32784 https://nvd.nist.gov/vuln/detail/CVE-2022-32784 [ 20 ] CVE-2022-32792 https://nvd.nist.gov/vuln/detail/CVE-2022-32792 [ 21 ] CVE-2022-32893 https://nvd.nist.gov/vuln/detail/CVE-2022-32893 [ 22 ] WSA-2022-0002 https://webkitgtk.org/security/WSA-2022-0002.html [ 23 ] WSA-2022-0003 https://webkitgtk.org/security/WSA-2022-0003.html [ 24 ] WSA-2022-0007 https://webkitgtk.org/security/WSA-2022-0007.html [ 25 ] WSA-2022-0008 https://webkitgtk.org/security/WSA-2022-0008.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-39

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: High
Title: WebKitGTK+: Multiple Vulnerabilities
Date: August 31, 2022
Bugs: #866494, #864427, #856445, #861740, #837305, #845252, #839984, #833568, #832990
ID: 202208-39

Synopsis

Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.36.7 >= 2.36.7

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.