glib2-2.56.4-159.el8, webkit2gtk3-2.36.7-1.el8.ML.1

Errata ID: AXSA:2022-4319:01

Release date: Wednesday, December 7, 2022 - 08:41
Subject: glib2-2.56.4-159.el8, webkit2gtk3-2.36.7-1.el8.ML.1
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

Security Fix(es):

* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)
* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)
* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)
* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)
* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)
* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)
* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)
* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.7 Release Notes linked from the References section.

CVE-2022-22624
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-22628
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-22629
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-22662
A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.
CVE-2022-26700
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.
CVE-2022-26709
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-26710
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-26716
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-26717
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-26719
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-30293
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. glib2-2.56.4-159.el8.src.rpm
    Size: 6.79 MB
  2. webkit2gtk3-2.36.7-1.el8.ML.1.src.rpm
    Size: 25.39 MB

Asianux Server 8 for x86_64
  1. glib2-2.56.4-159.el8.x86_64.rpm
    Size: 2.49 MB
  2. glib2-devel-2.56.4-159.el8.x86_64.rpm
    Size: 423.77 kB
  3. glib2-doc-2.56.4-159.el8.noarch.rpm
    Size: 1.57 MB
  4. glib2-fam-2.56.4-159.el8.x86_64.rpm
    Size: 12.50 kB
  5. glib2-static-2.56.4-159.el8.x86_64.rpm
    Size: 1.53 MB
  6. glib2-tests-2.56.4-159.el8.x86_64.rpm
    Size: 1.76 MB
  7. webkit2gtk3-2.36.7-1.el8.ML.1.x86_64.rpm
    Size: 18.98 MB
  8. webkit2gtk3-devel-2.36.7-1.el8.ML.1.x86_64.rpm
    Size: 278.11 kB
  9. webkit2gtk3-jsc-2.36.7-1.el8.ML.1.x86_64.rpm
    Size: 6.76 MB
  10. webkit2gtk3-jsc-devel-2.36.7-1.el8.ML.1.x86_64.rpm
    Size: 147.30 kB
  11. glib2-2.56.4-159.el8.i686.rpm
    Size: 2.58 MB
  12. glib2-devel-2.56.4-159.el8.i686.rpm
    Size: 425.43 kB
  13. glib2-static-2.56.4-159.el8.i686.rpm
    Size: 1.68 MB
  14. webkit2gtk3-2.36.7-1.el8.ML.1.i686.rpm
    Size: 20.62 MB
  15. webkit2gtk3-devel-2.36.7-1.el8.ML.1.i686.rpm
    Size: 282.68 kB
  16. webkit2gtk3-jsc-2.36.7-1.el8.ML.1.i686.rpm
    Size: 3.75 MB
  17. webkit2gtk3-jsc-devel-2.36.7-1.el8.ML.1.i686.rpm
    Size: 152.61 kB