-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: webkit2gtk3 security, bug fix, and enhancement update
Advisory ID:       RHSA-2022:1777-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1777
Issue date:        2022-05-10
CVE Names:         CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 
                   CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 
                   CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 
                   CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 
                   CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 
                   CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 
                   CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 
                   CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 
                   CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 
                   CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 
=====================================================================

1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.

The following packages have been upgraded to a later upstream version:
webkit2gtk3 (2.34.6). (BZ#1985042)

Security Fix(es):

* webkitgtk: maliciously crafted web content may lead to arbitrary code
execution due to use after free (CVE-2022-22620)

* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-30809)

* webkitgtk: Type confusion issue leading to arbitrary code execution
(CVE-2021-30818)

* webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)

* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-30846)

* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-30848)

* webkitgtk: Multiple memory corruption issue leading to arbitrary code
execution (CVE-2021-30849)

* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-30851)

* webkitgtk: Logic issue leading to Content Security Policy bypass
(CVE-2021-30887)

* webkitgtk: Information leak via Content Security Policy reports
(CVE-2021-30888)

* webkitgtk: Buffer overflow leading to arbitrary code execution
(CVE-2021-30889)

* webkitgtk: Logic issue leading to universal cross-site scripting
(CVE-2021-30890)

* webkitgtk: Cross-origin data exfiltration via resource timing API
(CVE-2021-30897)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30934)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30936)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30951)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30952)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30953)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30954)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2021-30984)

* webkitgtk: Incorrect memory allocation in
WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)

* webkitgtk: use-after-free in WebCore::ContainerNode::firstChild
(CVE-2021-45482)

* webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)

* webkitgtk: Processing a maliciously crafted mail message may lead to
running arbitrary javascript (CVE-2022-22589)

* webkitgtk: Processing maliciously crafted web content may lead to
arbitrary code execution (CVE-2022-22590)

* webkitgtk: Processing maliciously crafted web content may prevent Content
Security Policy from being enforced (CVE-2022-22592)

* webkitgtk: A malicious website may exfiltrate data cross-origin
(CVE-2022-22594)

* webkitgtk: logic issue was addressed with improved state management
(CVE-2022-22637)

* webkitgtk: Out-of-bounds read leading to memory disclosure
(CVE-2021-30836)

* webkitgtk: CSS compositing issue leading to revealing of the browsing
history (CVE-2021-30884)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1985042 - Upgrade WebKitGTK for RHEL 8.6
2017898 - CVE-2021-30846 webkitgtk: Memory corruption issue leading to arbitrary code execution
2017901 - CVE-2021-30848 webkitgtk: Memory corruption issue leading to arbitrary code execution
2017904 - CVE-2021-30849 webkitgtk: Multiple memory corruption issue leading to arbitrary code execution
2018573 - CVE-2021-30851 webkitgtk: Memory corruption issue leading to arbitrary code execution
2034347 - CVE-2021-30809 webkitgtk: Use-after-free leading to arbitrary code execution
2034368 - CVE-2021-30818 webkitgtk: Type confusion issue leading to arbitrary code execution
2034373 - CVE-2021-30823 webkitgtk: Logic issue leading to HSTS bypass
2034376 - CVE-2021-30836 webkitgtk: Out-of-bounds read leading to memory disclosure
2034378 - CVE-2021-30884 webkitgtk: CSS compositing issue leading to revealing of the browsing history
2034381 - CVE-2021-30887 webkitgtk: Logic issue leading to Content Security Policy bypass
2034383 - CVE-2021-30888 webkitgtk: Information leak via Content Security Policy reports
2034386 - CVE-2021-30889 webkitgtk: Buffer overflow leading to arbitrary code execution
2034389 - CVE-2021-30890 webkitgtk: Logic issue leading to universal cross-site scripting
2038907 - CVE-2021-30897 webkitgtk: Cross-origin data exfiltration via resource timing API
2040327 - CVE-2021-45481 webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create
2040329 - CVE-2021-45482 webkitgtk: use-after-free in WebCore::ContainerNode::firstChild
2040331 - CVE-2021-45483 webkitgtk: use-after-free in WebCore::Frame::page
2041559 - Doesn't show document with ongoing resources' download immediately
2044521 - CVE-2021-30934 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044528 - CVE-2021-30936 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044534 - CVE-2021-30951 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044538 - CVE-2021-30952 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044542 - CVE-2021-30953 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044551 - CVE-2021-30954 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2044553 - CVE-2021-30984 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2045291 - CVE-2022-22594 webkitgtk: A malicious website may exfiltrate data cross-origin
2053179 - CVE-2022-22589 webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript
2053181 - CVE-2022-22590 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
2053185 - CVE-2022-22592 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
2056474 - CVE-2022-22620 webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free
2073903 - CVE-2022-22637 webkitgtk: logic issue was addressed with improved state management

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
webkit2gtk3-2.34.6-1.el8.src.rpm

aarch64:
webkit2gtk3-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm

ppc64le:
webkit2gtk3-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm

s390x:
webkit2gtk3-2.34.6-1.el8.s390x.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm
webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm

x86_64:
webkit2gtk3-2.34.6-1.el8.i686.rpm
webkit2gtk3-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-devel-2.34.6-1.el8.i686.rpm
webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-30809
https://access.redhat.com/security/cve/CVE-2021-30818
https://access.redhat.com/security/cve/CVE-2021-30823
https://access.redhat.com/security/cve/CVE-2021-30836
https://access.redhat.com/security/cve/CVE-2021-30846
https://access.redhat.com/security/cve/CVE-2021-30848
https://access.redhat.com/security/cve/CVE-2021-30849
https://access.redhat.com/security/cve/CVE-2021-30851
https://access.redhat.com/security/cve/CVE-2021-30884
https://access.redhat.com/security/cve/CVE-2021-30887
https://access.redhat.com/security/cve/CVE-2021-30888
https://access.redhat.com/security/cve/CVE-2021-30889
https://access.redhat.com/security/cve/CVE-2021-30890
https://access.redhat.com/security/cve/CVE-2021-30897
https://access.redhat.com/security/cve/CVE-2021-30934
https://access.redhat.com/security/cve/CVE-2021-30936
https://access.redhat.com/security/cve/CVE-2021-30951
https://access.redhat.com/security/cve/CVE-2021-30952
https://access.redhat.com/security/cve/CVE-2021-30953
https://access.redhat.com/security/cve/CVE-2021-30954
https://access.redhat.com/security/cve/CVE-2021-30984
https://access.redhat.com/security/cve/CVE-2021-45481
https://access.redhat.com/security/cve/CVE-2021-45482
https://access.redhat.com/security/cve/CVE-2021-45483
https://access.redhat.com/security/cve/CVE-2022-22589
https://access.redhat.com/security/cve/CVE-2022-22590
https://access.redhat.com/security/cve/CVE-2022-22592
https://access.redhat.com/security/cve/CVE-2022-22594
https://access.redhat.com/security/cve/CVE-2022-22620
https://access.redhat.com/security/cve/CVE-2022-22637
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYnqQrdzjgjWX9erEAQi/6BAAhaqaCDj0g7uJ6LdXEng5SqGBFl5g6GIV
p/WSKyL+tI3BpKaaUWr6+d4tNnaQbKxhRTwTSJa8GMrOc7n6Y7LO8Y7mQj3bEFvn
z3HHLZK8EMgDUz4I0esuh0qNWnfsD/vJDuGbXlHLdNLlc5XzgX7YA6eIb1lxSbxV
ueSENHohbMJLbWoeI2gMUYGb5cAzBHrgdmFIsr4XUd6sr5Z1ZOPnQPf36vrXGdzj
mPXPijZtr9QiPgwijm4/DkJG7NQ4KyaPMOKauC7PEB1AHWIwHteRnVxnWuZLjpMf
RqYBQu2pYeTiyGky+ozshJ81mdfLyUQBR/+4KbB2TMFZHDlhxzNFZrErh4+dfQja
Cuf+IwTOSZgC/8XouTQMA27KFSYKd4PzwnB3yQeGU0NA/VngYp12BegeVHlDiadS
hO+mAk/BAAesdywt7ZTU1e1yROLm/jp0VcmvkQO+gh2WhErEFV3s0qnsu1dfuLY7
B1e0z6c/vp8lkSFs2fcx0Oq1S7nGIGZiR66loghp03nDoCcxblsxBcFV9CNq6yVG
BkEAFzMb/AHxqn7KbZeN6g4Los+3Dr7eFYPGUkVEXy+AbHqE+b99pT2TIjCOMh/L
wXOE+nX3KXbD5MCqvmF2K6w+MfIf3AxzzgirwXyLewSP8NKBmsdBtgwbgFam1QfM
Uqt+dghxtOQ=
=LCNn
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce