{"id":"ALSA-2023:7055","summary":"Important: webkit2gtk3 security and bug fix update","details":"WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: arbitrary code execution (CVE-2023-32393)\n* webkitgtk: bypass Same Origin Policy (CVE-2023-38572)\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-38592)\n* webkitgtk: arbitrary code execution (CVE-2023-38594)\n* webkitgtk: arbitrary code execution (CVE-2023-38595)\n* webkitgtk: arbitrary code execution (CVE-2023-38597)\n* webkitgtk: arbitrary code execution (CVE-2023-38600)\n* webkitgtk: arbitrary code execution (CVE-2023-38611)\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n* webkitgtk: Same Origin Policy bypass via crafted web content (CVE-2023-27932)\n* webkitgtk: Website may be able to track sensitive user information (CVE-2023-27954)\n* webkitgtk: use after free vulnerability (CVE-2023-28198)\n* webkitgtk: content security policy blacklist failure (CVE-2023-32370)\n* webkitgtk: disclose sensitive information (CVE-2023-38133)\n* webkitgtk: track sensitive user information (CVE-2023-38599)\n* webkitgtk: processing web content may lead to arbitrary code execution (CVE-2023-39434)\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n* webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code (CVE-2023-40451)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-01-30T02:31:27.997147Z","published":"2023-11-14T00:00:00Z","related":["CVE-2022-32885","CVE-2023-27932","CVE-2023-27954","CVE-2023-28198","CVE-2023-32370","CVE-2023-32393","CVE-2023-38133","CVE-2023-38572","CVE-2023-38592","CVE-2023-38594","CVE-2023-38595","CVE-2023-38597","CVE-2023-38599","CVE-2023-38600","CVE-2023-38611","CVE-2023-39434","CVE-2023-40397","CVE-2023-40451"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:7055"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-32885"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-27932"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-27954"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-28198"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-32370"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-32393"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38133"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38572"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38592"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38594"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38595"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38597"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38599"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38600"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-38611"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-39434"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-40397"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-40451"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2224608"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2231015"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2231017"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2231018"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2231019"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2231020"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2231021"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2231022"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2231028"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2231043"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2236842"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2236843"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2236844"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2238943"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2238944"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2238945"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2241405"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2241409"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2023-7055.html"}],"affected":[{"package":{"name":"webkit2gtk3","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/webkit2gtk3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40.5-1.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:7055.json"}},{"package":{"name":"webkit2gtk3-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/webkit2gtk3-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40.5-1.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:7055.json"}},{"package":{"name":"webkit2gtk3-jsc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/webkit2gtk3-jsc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40.5-1.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:7055.json"}},{"package":{"name":"webkit2gtk3-jsc-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/webkit2gtk3-jsc-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40.5-1.el8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:7055.json"}}],"schema_version":"1.7.3"}