ID

VAR-202203-0145

CVE

CVE-2022-22629

TITLE

Apple Safari WebGLMultiDraw Heap-based Buffer Overflow Remote Code Execution Vulnerability

DESCRIPTION

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the WebGLMultiDraw component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. For the stable distribution (bullseye), these problems have been fixed in version 2.36.0-2~deb11u1. We recommend that you upgrade your wpewebkit packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-3 tvOS 15.4 tvOS 15.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213186. AppleAVD Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory corruption issue was addressed with improved validation. CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat. AVEVideoEncoder Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-22634: an anonymous researcher AVEVideoEncoder Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22635: an anonymous researcher AVEVideoEncoder Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22636: an anonymous researcher ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google IOGPUFamily Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36) Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders Kernel Available for: Apple TV 4K and Apple TV HD Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6) Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn MediaRemote Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to identify what other applications a user has installed Description: An access issue was addressed with improved access restrictions. CVE-2022-22670: Brandon Azad Preferences Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Sandbox Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran UIKit Available for: Apple TV 4K and Apple TV HD Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV HD Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google Additional recognition Bluetooth We would like to acknowledge an anonymous researcher for their assistance. Siri We would like to acknowledge an anonymous researcher for their assistance syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance. UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance. WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance. WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance. Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIvyxIACgkQeC9qKD1p rhhDUg//VwUVUUj92pmEmjbj52uKnb1RZohn9dfkA9bESMzRy7wFwMUN973V2SPw T6JpgCab0ZVNxBIfEXJq7wbi2Io08N0UMCE5GPNV0QL79x6ZmYwZREZwdHghrHGh ggQtmYSZPipKLhvVOyXF7PamqHonnibbvfC/iWJSySnmPxQoHG7DoCzrX0wOnVBw dkHEstKVo3eo2/OG/mGhYZw/g8EIAIDQbgP4XTD/m3hRnXbRMFff+7PgaE8cZzdY 45q8ExwqNOTdFoeqsKNmPBIzZJau9fWlekUlGpPXC1ASsiXmiptwvy07RbNLZ1N2 j2lFcLj7Ikzwiwsd7MBIFAMP0OWrT4Ds6YWdcgNX2iBkNoheqqt7AP4kOUnDP28Z VXUriTbra9oPM0ctbZTBrmj7xiYjLbMJ4GRu2kIyGyTG9Wu9xEa3KH5Po1OR1Pxg zG4gXdRIE241E26uee648uIFHhxRcgSdygXANnzkFv5/YslqQdccRD1F6FrJwqgn V+ZFZ17zUhGW37F6Dmnd9LIo9GuiLl14qr1qfUoaQ+J+il2EV1UAv780wxQOuc4I ZnvU4rEjaGmHwSh4/GDUTRFkI/fiA39WYpPkgXKN5yqHJG7AGENaROz3jnOxr/xU JlVOleG7Z6MGdLwHG1i4QaBYrzadFZM20WsEOZ2twQzTVMQUyGk=qxuS -----END PGP SIGNATURE----- . This release includes security and bug fixes, and enhancements. Bugs fixed (https://bugzilla.redhat.com/): 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2142799 - Release of OpenShift Serverless Serving 1.26.0 2142801 - Release of OpenShift Serverless Eventing 1.26.0 5. Bugs fixed (https://bugzilla.redhat.com/): 2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkit2gtk3 security and bug fix update Advisory ID: RHSA-2022:8054-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8054 Issue date: 2022-11-15 CVE Names: CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 ==================================================================== 1. Summary: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: webkit2gtk3-2.36.7-1.el9.src.rpm aarch64: webkit2gtk3-2.36.7-1.el9.aarch64.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.aarch64.rpm webkit2gtk3-debugsource-2.36.7-1.el9.aarch64.rpm webkit2gtk3-devel-2.36.7-1.el9.aarch64.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.aarch64.rpm webkit2gtk3-jsc-2.36.7-1.el9.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.aarch64.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.aarch64.rpm ppc64le: webkit2gtk3-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-debugsource-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-devel-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-jsc-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.ppc64le.rpm s390x: webkit2gtk3-2.36.7-1.el9.s390x.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.s390x.rpm webkit2gtk3-debugsource-2.36.7-1.el9.s390x.rpm webkit2gtk3-devel-2.36.7-1.el9.s390x.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.s390x.rpm webkit2gtk3-jsc-2.36.7-1.el9.s390x.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.s390x.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.s390x.rpm x86_64: webkit2gtk3-2.36.7-1.el9.i686.rpm webkit2gtk3-2.36.7-1.el9.x86_64.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.i686.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.x86_64.rpm webkit2gtk3-debugsource-2.36.7-1.el9.i686.rpm webkit2gtk3-debugsource-2.36.7-1.el9.x86_64.rpm webkit2gtk3-devel-2.36.7-1.el9.i686.rpm webkit2gtk3-devel-2.36.7-1.el9.x86_64.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.i686.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.x86_64.rpm webkit2gtk3-jsc-2.36.7-1.el9.i686.rpm webkit2gtk3-jsc-2.36.7-1.el9.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.i686.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.x86_64.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.i686.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. Description: Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Security Fix(es): * goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238) * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * Istio: Denial of service attack via a specially crafted message (CVE-2022-39278) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * kiali: error message spoofing in kiali UI (CVE-2022-3962) * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189) For more details about security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the Container CVEs section. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2148199 - CVE-2022-39278 Istio: Denial of service attack via a specially crafted message 2148661 - CVE-2022-3962 kiali: error message spoofing in kiali UI 2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be 5. JIRA issues fixed (https://issues.jboss.org/): OSSM-1977 - Support for Istio Gateway API in Kiali OSSM-2083 - Update maistra/istio 2.3 to Istio 1.14.5 OSSM-2147 - Unexpected validation message on Gateway object OSSM-2169 - Member controller doesn't retry on conflict OSSM-2170 - Member namespaces aren't cleaned up when a cluster-scoped SMMR is deleted OSSM-2179 - Wasm plugins only support OCI images with 1 layer OSSM-2184 - Istiod isn't allowed to delete analysis distribution report configmap OSSM-2188 - Member namespaces not cleaned up when SMCP is deleted OSSM-2189 - If multiple SMCPs exist in a namespace, the controller reconciles them all OSSM-2190 - The memberroll controller reconciles SMMRs with invalid name OSSM-2232 - The member controller reconciles ServiceMeshMember with invalid name OSSM-2241 - Remove v2.0 from Create ServiceMeshControlPlane Form OSSM-2251 - CVE-2022-3962 openshift-istio-kiali-container: kiali: content spoofing [ossm-2.3] OSSM-2308 - add root CA certificates to kiali container OSSM-2315 - be able to customize openshift auth timeouts OSSM-2324 - Gateway injection does not work when pods are created by cluster admins OSSM-2335 - Potential hang using Traces scatterplot chart OSSM-2338 - Federation deployment does not need router mode sni-dnat OSSM-2344 - Restarting istiod causes Kiali to flood CRI-O with port-forward requests OSSM-2375 - Istiod should log member namespaces on every update OSSM-2376 - ServiceMesh federation stops working after the restart of istiod pod OSSM-535 - Support validationMessages in SMCP OSSM-827 - ServiceMeshMembers point to wrong SMCP name 6. Bugs fixed (https://bugzilla.redhat.com/): 2134876 - CVE-2022-37601 loader-utils: prototype pollution in function parseQuery in parseQuery.js 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service 2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing 2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method 2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service 2156683 - CVE-2020-36567 gin: Unsanitized input in the default logger in github.com/gin-gonic/gin 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): MTA-103 - MTA 6.0.1 Installation failed with CrashLoop Error for UI Pod MTA-106 - Implement ability for windup addon image pull policy to be configurable MTA-122 - MTA is upgrading automatically ignoring 'Manual' setting MTA-123 - MTA Becomes unusable when running bulk binary analysis MTA-127 - After upgrading MTA operator from 6.0.0 to 6.0.1 and running analysis , task pods starts failing MTA-131 - Analysis stops working after MTA upgrade from 6.0.0 to 6.0.1 MTA-36 - Can't disable a proxy if it has an invalid configuration MTA-44 - Make RWX volumes optional. MTA-49 - Uploaded a local binary when return back to the page the UI should show green bar and correct % MTA-59 - Getting error 401 if deleting many credentials quickly MTA-65 - Set windup addon image pull policy to be controlled by the global image_pull_policy parameter MTA-72 - CVE-2022-46175 mta-ui-container: json5: Prototype Pollution in JSON5 via Parse Method [mta-6] MTA-73 - CVE-2022-37601 mta-ui-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js [mta-6] MTA-74 - CVE-2020-36567 mta-windup-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-76 - CVE-2022-37603 mta-ui-container: loader-utils:Regular expression denial of service [mta-6] MTA-77 - CVE-2020-36567 mta-hub-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-80 - CVE-2021-35065 mta-ui-container: glob-parent: Regular Expression Denial of Service [mta-6] MTA-82 - CVE-2022-42920 org.jboss.windup-windup-cli-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-85 - CVE-2022-24999 mta-ui-container: express: "qs" prototype poisoning causes the hang of the node process [mta-6] MTA-88 - CVE-2020-36567 mta-admin-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-92 - CVE-2022-42920 org.jboss.windup.plugin-windup-maven-plugin-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-96 - [UI] Maven -> "Local artifact repository" textbox can be checked and has no tooltip 6. Description: Service Binding manages the data plane for applications and backing services. Bugs fixed (https://bugzilla.redhat.com/): 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): APPSVC-1204 - Provisioned Service discovery APPSVC-1256 - CVE-2022-41717 6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: WebKitGTK+: Multiple Vulnerabilities Date: August 31, 2022 Bugs: #866494, #864427, #856445, #861740, #837305, #845252, #839984, #833568, #832990 ID: 202208-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.36.7 >= 2.36.7 Description ========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.36.7" References ========= [ 1 ] CVE-2022-2294 https://nvd.nist.gov/vuln/detail/CVE-2022-2294 [ 2 ] CVE-2022-22589 https://nvd.nist.gov/vuln/detail/CVE-2022-22589 [ 3 ] CVE-2022-22590 https://nvd.nist.gov/vuln/detail/CVE-2022-22590 [ 4 ] CVE-2022-22592 https://nvd.nist.gov/vuln/detail/CVE-2022-22592 [ 5 ] CVE-2022-22620 https://nvd.nist.gov/vuln/detail/CVE-2022-22620 [ 6 ] CVE-2022-22624 https://nvd.nist.gov/vuln/detail/CVE-2022-22624 [ 7 ] CVE-2022-22628 https://nvd.nist.gov/vuln/detail/CVE-2022-22628 [ 8 ] CVE-2022-22629 https://nvd.nist.gov/vuln/detail/CVE-2022-22629 [ 9 ] CVE-2022-22662 https://nvd.nist.gov/vuln/detail/CVE-2022-22662 [ 10 ] CVE-2022-22677 https://nvd.nist.gov/vuln/detail/CVE-2022-22677 [ 11 ] CVE-2022-26700 https://nvd.nist.gov/vuln/detail/CVE-2022-26700 [ 12 ] CVE-2022-26709 https://nvd.nist.gov/vuln/detail/CVE-2022-26709 [ 13 ] CVE-2022-26710 https://nvd.nist.gov/vuln/detail/CVE-2022-26710 [ 14 ] CVE-2022-26716 https://nvd.nist.gov/vuln/detail/CVE-2022-26716 [ 15 ] CVE-2022-26717 https://nvd.nist.gov/vuln/detail/CVE-2022-26717 [ 16 ] CVE-2022-26719 https://nvd.nist.gov/vuln/detail/CVE-2022-26719 [ 17 ] CVE-2022-30293 https://nvd.nist.gov/vuln/detail/CVE-2022-30293 [ 18 ] CVE-2022-30294 https://nvd.nist.gov/vuln/detail/CVE-2022-30294 [ 19 ] CVE-2022-32784 https://nvd.nist.gov/vuln/detail/CVE-2022-32784 [ 20 ] CVE-2022-32792 https://nvd.nist.gov/vuln/detail/CVE-2022-32792 [ 21 ] CVE-2022-32893 https://nvd.nist.gov/vuln/detail/CVE-2022-32893 [ 22 ] WSA-2022-0002 https://webkitgtk.org/security/WSA-2022-0002.html [ 23 ] WSA-2022-0003 https://webkitgtk.org/security/WSA-2022-0003.html [ 24 ] WSA-2022-0007 https://webkitgtk.org/security/WSA-2022-0007.html [ 25 ] WSA-2022-0008 https://webkitgtk.org/security/WSA-2022-0008.html Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-39 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

TYPE

overflow, code execution

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Anonymous

SOURCES

LAST UPDATE DATE

2025-10-11T20:49:16.961000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE