What Are You Looking For?

Sign Up
MGASA-2022-0059 - Updated webkit2 packages fix security vulnerability

Publication date: 12 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0059.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-22589,
     CVE-2022-22590,
     CVE-2022-22592

Processing a maliciously crafted mail message may lead to running arbitrary
javascript. Description: A validation issue was addressed with improved
input sanitization. (CVE-2022-22589)

Processing maliciously crafted web content may lead to arbitrary code
execution. Description: A use after free issue was addressed with
improved memory management. (CVE-2022-22590)

Processing maliciously crafted web content may prevent Content Security
Policy from being enforced. Description: A logic issue was addressed with
improved state management. (CVE-2022-22592)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30018
- https://webkitgtk.org/security/WSA-2022-0002.html
- https://webkitgtk.org/2022/02/09/webkitgtk2.34.5-released.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22589
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22590
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22592

SRPMS:
- 8/core/webkit2-2.34.5-1.mga8

Mageia 2022-0059: webkit2 security update

Processing a maliciously crafted mail message may lead to running arbitrary javascript

Summary

Processing a maliciously crafted mail message may lead to running arbitrary javascript. Description: A validation issue was addressed with improved input sanitization. (CVE-2022-22589)
Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free issue was addressed with improved memory management. (CVE-2022-22590)
Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: A logic issue was addressed with improved state management. (CVE-2022-22592)

References

- https://bugs.mageia.org/show_bug.cgi?id=30018

- https://webkitgtk.org/security/WSA-2022-0002.html

- https://webkitgtk.org/2022/02/09/webkitgtk2.34.5-released.html

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22589

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22590

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22592

Resolution

MGASA-2022-0059 - Updated webkit2 packages fix security vulnerability

SRPMS

- 8/core/webkit2-2.34.5-1.mga8

Severity
Publication date: 12 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0059.html
Type: security
CVE: CVE-2022-22589, CVE-2022-22590, CVE-2022-22592

Related News

Linux Ransomware Poses Significant Threat to Critical Infrastructure

Jul 23, 2023

New Money Message Ransomware Attacks Both Windows & Linux Users

Apr 10, 2023

A DevSecOps Process for Node.js Projects

Jan 24, 2023

PHP Vuln Threatens Confidentiality of Impacted Systems

May 11, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo