Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-22629
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Apple | Safari |
Version: unspecified < 15.4 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:21:48.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213182" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213193" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213183" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213186" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213188" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213187" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Safari", "vendor": "Apple", "versions": [ { "lessThan": "15.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "12.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "8.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "12.12", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-23T19:02:49", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213182" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213193" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213183" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213186" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213188" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213187" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-22629", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Safari", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.4" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.4" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.3" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.4" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.12" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.12" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213182", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213182" }, { "name": "https://support.apple.com/en-us/HT213193", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213193" }, { "name": "https://support.apple.com/en-us/HT213183", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213183" }, { "name": "https://support.apple.com/en-us/HT213186", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213186" }, { "name": "https://support.apple.com/en-us/HT213188", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213188" }, { "name": "https://support.apple.com/en-us/HT213187", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213187" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-22629", "datePublished": "2022-09-23T19:02:49", "dateReserved": "2022-01-05T00:00:00", "dateUpdated": "2024-08-03T03:21:48.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-22629\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2022-09-23T20:15:09.307\",\"lastModified\":\"2024-11-21T06:47:09.853\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de desbordamiento de b\u00fafer con un manejo de memoria mejorado. Este problema ha sido corregido en macOS Monterey versi\u00f3n 12.3, Safari versi\u00f3n 15.4, watchOS versi\u00f3n 8.5, iTunes versi\u00f3n 12.12.3 para Windows, iOS versi\u00f3n 15.4 y iPadOS versi\u00f3n 15.4, tvOS versi\u00f3n 15.4. El procesamiento de contenido web dise\u00f1ado de forma maliciosa puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"12.12.3\",\"matchCriteriaId\":\"FE2CA024-A142-4860-8AAB-D8527CF69D34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.4\",\"matchCriteriaId\":\"2B5E9A8F-FFF6-432A-9E8A-074B53B29507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.4\",\"matchCriteriaId\":\"7A28B309-0018-46A4-A533-F10428F689B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.4\",\"matchCriteriaId\":\"1E4C3F0C-E368-4F79-B42E-E5EB0FB5E767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.3\",\"matchCriteriaId\":\"9422A022-F279-4596-BC97-3223611D73DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.4\",\"matchCriteriaId\":\"70A2E262-1C91-4030-A2D5-E089C271EA34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.5\",\"matchCriteriaId\":\"17C8B971-2F25-4961-B1AF-F4AAB1848990\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT213182\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213183\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213186\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213187\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213188\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213193\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213182\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213183\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213186\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213193\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}" } }
ghsa-pp63-cgj5-h996
Vulnerability from github
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
{ "affected": [], "aliases": [ "CVE-2022-22629" ], "database_specific": { "cwe_ids": [ "CWE-787" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-09-23T20:15:00Z", "severity": "HIGH" }, "details": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.", "id": "GHSA-pp63-cgj5-h996", "modified": "2022-09-28T00:00:25Z", "published": "2022-09-25T00:00:16Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22629" }, { "type": "WEB", "url": "https://support.apple.com/en-us/HT213182" }, { "type": "WEB", "url": "https://support.apple.com/en-us/HT213183" }, { "type": "WEB", "url": "https://support.apple.com/en-us/HT213186" }, { "type": "WEB", "url": "https://support.apple.com/en-us/HT213187" }, { "type": "WEB", "url": "https://support.apple.com/en-us/HT213188" }, { "type": "WEB", "url": "https://support.apple.com/en-us/HT213193" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
WID-SEC-W-2022-2044
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-2044 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2044.json" }, { "category": "self", "summary": "WID-SEC-2022-2044 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2044" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7447" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7458" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7514" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7548" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7558" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7822" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7704" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7622" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7639" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8008 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8008" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-7704 vom 2022-11-15", "url": "https://linux.oracle.com/errata/ELSA-2022-7704.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8431 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8431" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-7458 vom 2022-11-15", "url": "https://linux.oracle.com/errata/ELSA-2022-7458.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7935 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:7935" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7950 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:7950" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8139 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8139" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8062 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8062" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8054 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8054" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8011 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8011" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-8054 vom 2022-11-22", "url": "https://linux.oracle.com/errata/ELSA-2022-8054.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-7822 vom 2022-11-24", "url": "http://linux.oracle.com/errata/ELSA-2022-7822.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-8431 vom 2022-11-24", "url": "http://linux.oracle.com/errata/ELSA-2022-8431.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-10031 vom 2022-11-29", "url": "https://linux.oracle.com/errata/ELSA-2022-10031.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8626 vom 2022-11-29", "url": "https://access.redhat.com/errata/RHSA-2022:8626" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8781 vom 2022-12-08", "url": "https://access.redhat.com/errata/RHSA-2022:8781" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202212-02 vom 2022-12-19", "url": "https://security.gentoo.org/glsa/202212-02" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7398 vom 2023-01-18", "url": "https://access.redhat.com/errata/RHSA-2022:7398" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1275 vom 2023-03-15", "url": "https://access.redhat.com/errata/RHSA-2023:1275" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:2193 vom 2023-05-09", "url": "https://access.redhat.com/errata/RHSA-2023:2193" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:2758 vom 2023-05-16", "url": "https://access.redhat.com/errata/RHSA-2023:2758" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:2802 vom 2023-05-16", "url": "https://access.redhat.com/errata/RHSA-2023:2802" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2023-2116 vom 2023-07-20", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2116.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2024-2468 vom 2024-02-19", "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2468.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2024-2452 vom 2024-02-06", "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2452.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASR4-2023-001 vom 2024-01-23", "url": "https://alas.aws.amazon.com/AL2/ALASR4-2023-001.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2045 vom 2024-04-25", "url": "https://access.redhat.com/errata/RHSA-2024:2045" } ], "source_lang": "en-US", "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-04-24T22:00:00.000+00:00", "generator": { "date": "2024-04-25T11:03:23.094+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-2044", "initial_release_date": "2022-11-08T23:00:00.000+00:00", "revision_history": [ { "date": "2022-11-08T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-11-15T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen" }, { "date": "2022-11-23T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2022-11-28T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen" }, { "date": "2022-12-07T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-12-18T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2023-01-17T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-03-15T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-09T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-16T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-20T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-01-22T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-02-05T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-02-19T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-04-24T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "15" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_version", "name": "8", "product": { "name": "Red Hat Enterprise Linux 8", "product_id": "T014111", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8" } } } ], "category": "product_name", "name": "Enterprise Linux" }, { "category": "product_name", "name": "Red Hat OpenShift", "product": { "name": "Red Hat OpenShift", "product_id": "T008027", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:-" } } } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-4048", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2021-4048" }, { "cve": "CVE-2021-44269", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2021-44269" }, { "cve": "CVE-2022-1049", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-1049" }, { "cve": "CVE-2022-21682", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-21682" }, { "cve": "CVE-2022-22624", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-22624" }, { "cve": "CVE-2022-22628", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-22628" }, { "cve": "CVE-2022-22629", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-22629" }, { "cve": "CVE-2022-22662", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-22662" }, { "cve": "CVE-2022-25308", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-25308" }, { "cve": "CVE-2022-25309", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-25309" }, { "cve": "CVE-2022-25310", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-25310" }, { "cve": "CVE-2022-26700", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-26700" }, { "cve": "CVE-2022-26709", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-26709" }, { "cve": "CVE-2022-26710", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-26710" }, { "cve": "CVE-2022-26716", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-26716" }, { "cve": "CVE-2022-26717", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-26717" }, { "cve": "CVE-2022-26719", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-26719" }, { "cve": "CVE-2022-2989", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-2989" }, { "cve": "CVE-2022-2990", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-2990" }, { "cve": "CVE-2022-30293", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-30293" }, { "cve": "CVE-2022-30698", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-30698" }, { "cve": "CVE-2022-30699", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-30699" }, { "cve": "CVE-2022-32189", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-32189" } ] }
wid-sec-w-2022-2044
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-2044 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2044.json" }, { "category": "self", "summary": "WID-SEC-2022-2044 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2044" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7447" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7458" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7514" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7548" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7558" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7822" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7704" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7622" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-11-08", "url": "https://access.redhat.com/errata/RHSA-2022:7639" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8008 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8008" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-7704 vom 2022-11-15", "url": "https://linux.oracle.com/errata/ELSA-2022-7704.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8431 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8431" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-7458 vom 2022-11-15", "url": "https://linux.oracle.com/errata/ELSA-2022-7458.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7935 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:7935" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7950 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:7950" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8139 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8139" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8062 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8062" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8054 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8054" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8011 vom 2022-11-15", "url": "https://access.redhat.com/errata/RHSA-2022:8011" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-8054 vom 2022-11-22", "url": "https://linux.oracle.com/errata/ELSA-2022-8054.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-7822 vom 2022-11-24", "url": "http://linux.oracle.com/errata/ELSA-2022-7822.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-8431 vom 2022-11-24", "url": "http://linux.oracle.com/errata/ELSA-2022-8431.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-10031 vom 2022-11-29", "url": "https://linux.oracle.com/errata/ELSA-2022-10031.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8626 vom 2022-11-29", "url": "https://access.redhat.com/errata/RHSA-2022:8626" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8781 vom 2022-12-08", "url": "https://access.redhat.com/errata/RHSA-2022:8781" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202212-02 vom 2022-12-19", "url": "https://security.gentoo.org/glsa/202212-02" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7398 vom 2023-01-18", "url": "https://access.redhat.com/errata/RHSA-2022:7398" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1275 vom 2023-03-15", "url": "https://access.redhat.com/errata/RHSA-2023:1275" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:2193 vom 2023-05-09", "url": "https://access.redhat.com/errata/RHSA-2023:2193" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:2758 vom 2023-05-16", "url": "https://access.redhat.com/errata/RHSA-2023:2758" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:2802 vom 2023-05-16", "url": "https://access.redhat.com/errata/RHSA-2023:2802" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2023-2116 vom 2023-07-20", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2116.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2024-2468 vom 2024-02-19", "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2468.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2024-2452 vom 2024-02-06", "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2452.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASR4-2023-001 vom 2024-01-23", "url": "https://alas.aws.amazon.com/AL2/ALASR4-2023-001.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2045 vom 2024-04-25", "url": "https://access.redhat.com/errata/RHSA-2024:2045" } ], "source_lang": "en-US", "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-04-24T22:00:00.000+00:00", "generator": { "date": "2024-04-25T11:03:23.094+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-2044", "initial_release_date": "2022-11-08T23:00:00.000+00:00", "revision_history": [ { "date": "2022-11-08T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-11-15T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen" }, { "date": "2022-11-23T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2022-11-28T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen" }, { "date": "2022-12-07T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-12-18T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2023-01-17T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-03-15T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-09T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-16T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-20T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-01-22T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-02-05T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-02-19T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-04-24T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "15" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_version", "name": "8", "product": { "name": "Red Hat Enterprise Linux 8", "product_id": "T014111", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8" } } } ], "category": "product_name", "name": "Enterprise Linux" }, { "category": "product_name", "name": "Red Hat OpenShift", "product": { "name": "Red Hat OpenShift", "product_id": "T008027", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:-" } } } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-4048", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2021-4048" }, { "cve": "CVE-2021-44269", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2021-44269" }, { "cve": "CVE-2022-1049", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-1049" }, { "cve": "CVE-2022-21682", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-21682" }, { "cve": "CVE-2022-22624", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-22624" }, { "cve": "CVE-2022-22628", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-22628" }, { "cve": "CVE-2022-22629", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-22629" }, { "cve": "CVE-2022-22662", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-22662" }, { "cve": "CVE-2022-25308", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-25308" }, { "cve": "CVE-2022-25309", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-25309" }, { "cve": "CVE-2022-25310", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-25310" }, { "cve": "CVE-2022-26700", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-26700" }, { "cve": "CVE-2022-26709", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-26709" }, { "cve": "CVE-2022-26710", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-26710" }, { "cve": "CVE-2022-26716", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-26716" }, { "cve": "CVE-2022-26717", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-26717" }, { "cve": "CVE-2022-26719", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-26719" }, { "cve": "CVE-2022-2989", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-2989" }, { "cve": "CVE-2022-2990", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-2990" }, { "cve": "CVE-2022-30293", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-30293" }, { "cve": "CVE-2022-30698", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-30698" }, { "cve": "CVE-2022-30699", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-30699" }, { "cve": "CVE-2022-32189", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T008027", "67646", "398363", "T012167", "T004914", "T014111" ] }, "release_date": "2022-11-08T23:00:00Z", "title": "CVE-2022-32189" } ] }
wid-sec-w-2022-1056
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, , um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- MacOS X", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-1056 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1056.json" }, { "category": "self", "summary": "WID-SEC-2022-1056 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1056" }, { "category": "external", "summary": "Apple Security Advisory vom 2022-03-14", "url": "https://support.apple.com/en-us/HT213183" }, { "category": "external", "summary": "Apple Security Advisory vom 2022-03-14", "url": "https://support.apple.com/en-us/HT213184" }, { "category": "external", "summary": "Apple Security Advisory vom 2022-03-14", "url": "https://support.apple.com/en-us/HT213185" }, { "category": "external", "summary": "PoC von TrendMicro vom 2022-03-14", "url": "https://www.trendmicro.com/en_us/research/22/d/macos-suhelper-root-privilege-escalation-vulnerability-a-deep-di.html" } ], "source_lang": "en-US", "title": "Apple macOS: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-06-21T22:00:00.000+00:00", "generator": { "date": "2024-02-15T16:55:41.505+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-1056", "initial_release_date": "2022-03-14T23:00:00.000+00:00", "revision_history": [ { "date": "2022-03-14T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-04-05T22:00:00.000+00:00", "number": "2", "summary": "Exploit aufgenommen" }, { "date": "2022-08-16T22:00:00.000+00:00", "number": "3", "summary": "CVE erg\u00e4nzt" }, { "date": "2023-06-21T22:00:00.000+00:00", "number": "4", "summary": "CVE erg\u00e4nzt" } ], "status": "final", "version": "4" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Apple macOS Monterey \u003c 12.3", "product": { "name": "Apple macOS Monterey \u003c 12.3", "product_id": "T022329", "product_identification_helper": { "cpe": "cpe:/o:apple:mac_os:monterey__12.3" } } }, { "category": "product_name", "name": "Apple macOS Big Sur \u003c 11.6.5", "product": { "name": "Apple macOS Big Sur \u003c 11.6.5", "product_id": "T022330", "product_identification_helper": { "cpe": "cpe:/o:apple:mac_os:big_sur__11.6.5" } } }, { "category": "product_name", "name": "Apple macOS Catalina", "product": { "name": "Apple macOS Catalina", "product_id": "T022331", "product_identification_helper": { "cpe": "cpe:/o:apple:mac_os:catalina" } } } ], "category": "product_name", "name": "macOS" } ], "category": "vendor", "name": "Apple" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-46706", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-46706" }, { "cve": "CVE-2022-26690", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-26690" }, { "cve": "CVE-2022-26688", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-26688" }, { "cve": "CVE-2022-22672", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22672" }, { "cve": "CVE-2022-22669", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22669" }, { "cve": "CVE-2022-22668", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22668" }, { "cve": "CVE-2022-22665", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22665" }, { "cve": "CVE-2022-22664", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22664" }, { "cve": "CVE-2022-22662", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22662" }, { "cve": "CVE-2022-22661", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22661" }, { "cve": "CVE-2022-22660", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22660" }, { "cve": "CVE-2022-22657", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22657" }, { "cve": "CVE-2022-22656", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22656" }, { "cve": "CVE-2022-22655", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22655" }, { "cve": "CVE-2022-22651", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22651" }, { "cve": "CVE-2022-22650", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22650" }, { "cve": "CVE-2022-22648", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22648" }, { "cve": "CVE-2022-22647", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22647" }, { "cve": "CVE-2022-22644", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22644" }, { "cve": "CVE-2022-22643", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22643" }, { "cve": "CVE-2022-22641", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22641" }, { "cve": "CVE-2022-22640", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22640" }, { "cve": "CVE-2022-22639", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22639" }, { "cve": "CVE-2022-22638", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22638" }, { "cve": "CVE-2022-22637", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22637" }, { "cve": "CVE-2022-22633", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22633" }, { "cve": "CVE-2022-22632", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22632" }, { "cve": "CVE-2022-22631", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22631" }, { "cve": "CVE-2022-22630", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22630" }, { "cve": "CVE-2022-22629", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22629" }, { "cve": "CVE-2022-22628", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22628" }, { "cve": "CVE-2022-22627", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22627" }, { "cve": "CVE-2022-22626", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22626" }, { "cve": "CVE-2022-22625", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22625" }, { "cve": "CVE-2022-22624", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22624" }, { "cve": "CVE-2022-22623", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22623" }, { "cve": "CVE-2022-22621", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22621" }, { "cve": "CVE-2022-22617", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22617" }, { "cve": "CVE-2022-22616", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22616" }, { "cve": "CVE-2022-22615", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22615" }, { "cve": "CVE-2022-22614", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22614" }, { "cve": "CVE-2022-22613", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22613" }, { "cve": "CVE-2022-22612", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22612" }, { "cve": "CVE-2022-22611", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22611" }, { "cve": "CVE-2022-22610", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22610" }, { "cve": "CVE-2022-22609", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22609" }, { "cve": "CVE-2022-22600", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22600" }, { "cve": "CVE-2022-22599", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22599" }, { "cve": "CVE-2022-22597", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22597" }, { "cve": "CVE-2022-22582", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22582" }, { "cve": "CVE-2022-0158", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-0158" }, { "cve": "CVE-2022-0156", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-0156" }, { "cve": "CVE-2022-0128", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-0128" }, { "cve": "CVE-2021-46059", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-46059" }, { "cve": "CVE-2021-4193", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-4193" }, { "cve": "CVE-2021-4192", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-4192" }, { "cve": "CVE-2021-4187", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-4187" }, { "cve": "CVE-2021-4173", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-4173" }, { "cve": "CVE-2021-4166", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-4166" }, { "cve": "CVE-2021-4136", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-4136" }, { "cve": "CVE-2021-36976", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-36976" }, { "cve": "CVE-2021-30918", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-30918" }, { "cve": "CVE-2021-22947", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-22947" }, { "cve": "CVE-2021-22946", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-22946" }, { "cve": "CVE-2021-22945", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-22945" } ] }
WID-SEC-W-2022-1056
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, , um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- MacOS X", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-1056 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1056.json" }, { "category": "self", "summary": "WID-SEC-2022-1056 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1056" }, { "category": "external", "summary": "Apple Security Advisory vom 2022-03-14", "url": "https://support.apple.com/en-us/HT213183" }, { "category": "external", "summary": "Apple Security Advisory vom 2022-03-14", "url": "https://support.apple.com/en-us/HT213184" }, { "category": "external", "summary": "Apple Security Advisory vom 2022-03-14", "url": "https://support.apple.com/en-us/HT213185" }, { "category": "external", "summary": "PoC von TrendMicro vom 2022-03-14", "url": "https://www.trendmicro.com/en_us/research/22/d/macos-suhelper-root-privilege-escalation-vulnerability-a-deep-di.html" } ], "source_lang": "en-US", "title": "Apple macOS: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-06-21T22:00:00.000+00:00", "generator": { "date": "2024-02-15T16:55:41.505+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-1056", "initial_release_date": "2022-03-14T23:00:00.000+00:00", "revision_history": [ { "date": "2022-03-14T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-04-05T22:00:00.000+00:00", "number": "2", "summary": "Exploit aufgenommen" }, { "date": "2022-08-16T22:00:00.000+00:00", "number": "3", "summary": "CVE erg\u00e4nzt" }, { "date": "2023-06-21T22:00:00.000+00:00", "number": "4", "summary": "CVE erg\u00e4nzt" } ], "status": "final", "version": "4" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Apple macOS Monterey \u003c 12.3", "product": { "name": "Apple macOS Monterey \u003c 12.3", "product_id": "T022329", "product_identification_helper": { "cpe": "cpe:/o:apple:mac_os:monterey__12.3" } } }, { "category": "product_name", "name": "Apple macOS Big Sur \u003c 11.6.5", "product": { "name": "Apple macOS Big Sur \u003c 11.6.5", "product_id": "T022330", "product_identification_helper": { "cpe": "cpe:/o:apple:mac_os:big_sur__11.6.5" } } }, { "category": "product_name", "name": "Apple macOS Catalina", "product": { "name": "Apple macOS Catalina", "product_id": "T022331", "product_identification_helper": { "cpe": "cpe:/o:apple:mac_os:catalina" } } } ], "category": "product_name", "name": "macOS" } ], "category": "vendor", "name": "Apple" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-46706", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-46706" }, { "cve": "CVE-2022-26690", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-26690" }, { "cve": "CVE-2022-26688", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-26688" }, { "cve": "CVE-2022-22672", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22672" }, { "cve": "CVE-2022-22669", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22669" }, { "cve": "CVE-2022-22668", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22668" }, { "cve": "CVE-2022-22665", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22665" }, { "cve": "CVE-2022-22664", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22664" }, { "cve": "CVE-2022-22662", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22662" }, { "cve": "CVE-2022-22661", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22661" }, { "cve": "CVE-2022-22660", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22660" }, { "cve": "CVE-2022-22657", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22657" }, { "cve": "CVE-2022-22656", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22656" }, { "cve": "CVE-2022-22655", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22655" }, { "cve": "CVE-2022-22651", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22651" }, { "cve": "CVE-2022-22650", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22650" }, { "cve": "CVE-2022-22648", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22648" }, { "cve": "CVE-2022-22647", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22647" }, { "cve": "CVE-2022-22644", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22644" }, { "cve": "CVE-2022-22643", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22643" }, { "cve": "CVE-2022-22641", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22641" }, { "cve": "CVE-2022-22640", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22640" }, { "cve": "CVE-2022-22639", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22639" }, { "cve": "CVE-2022-22638", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22638" }, { "cve": "CVE-2022-22637", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22637" }, { "cve": "CVE-2022-22633", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22633" }, { "cve": "CVE-2022-22632", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22632" }, { "cve": "CVE-2022-22631", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22631" }, { "cve": "CVE-2022-22630", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22630" }, { "cve": "CVE-2022-22629", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22629" }, { "cve": "CVE-2022-22628", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22628" }, { "cve": "CVE-2022-22627", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22627" }, { "cve": "CVE-2022-22626", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22626" }, { "cve": "CVE-2022-22625", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22625" }, { "cve": "CVE-2022-22624", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22624" }, { "cve": "CVE-2022-22623", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22623" }, { "cve": "CVE-2022-22621", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22621" }, { "cve": "CVE-2022-22617", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22617" }, { "cve": "CVE-2022-22616", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22616" }, { "cve": "CVE-2022-22615", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22615" }, { "cve": "CVE-2022-22614", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22614" }, { "cve": "CVE-2022-22613", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22613" }, { "cve": "CVE-2022-22612", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22612" }, { "cve": "CVE-2022-22611", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22611" }, { "cve": "CVE-2022-22610", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22610" }, { "cve": "CVE-2022-22609", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22609" }, { "cve": "CVE-2022-22600", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22600" }, { "cve": "CVE-2022-22599", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22599" }, { "cve": "CVE-2022-22597", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22597" }, { "cve": "CVE-2022-22582", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-22582" }, { "cve": "CVE-2022-0158", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-0158" }, { "cve": "CVE-2022-0156", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-0156" }, { "cve": "CVE-2022-0128", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2022-0128" }, { "cve": "CVE-2021-46059", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-46059" }, { "cve": "CVE-2021-4193", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-4193" }, { "cve": "CVE-2021-4192", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-4192" }, { "cve": "CVE-2021-4187", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-4187" }, { "cve": "CVE-2021-4173", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-4173" }, { "cve": "CVE-2021-4166", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-4166" }, { "cve": "CVE-2021-4136", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-4136" }, { "cve": "CVE-2021-36976", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-36976" }, { "cve": "CVE-2021-30918", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-30918" }, { "cve": "CVE-2021-22947", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-22947" }, { "cve": "CVE-2021-22946", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-22946" }, { "cve": "CVE-2021-22945", "notes": [ { "category": "description", "text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Accelerate Framework, AMD, AppKit, AppleGraphicsControl, AppleScript, BOM, Curl, FaceTime, ImageIO, Intel Graphics Driver, IOGPUFamily, Kernel, libarchive, Login Window, GarageBand MIDI, NSSpellChecker, PackageKit, Preferences, QuickTime Player, Safari Downloads, Sandbox, Siri, SMB, SoftwareUpdate, System Preferences, UIKit, Vim, VoiceOver, WebKit, Wi-Fi und Xar. Ein entfernter anonymer, authentisierter, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, einen Spoofing-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T022331" ] }, "release_date": "2022-03-14T23:00:00Z", "title": "CVE-2021-22945" } ] }
rhsa-2022_7704
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nGLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7704", "url": "https://access.redhat.com/errata/RHSA-2022:7704" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index" }, { "category": "external", "summary": "2061994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061994" }, { "category": "external", "summary": "2073893", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073893" }, { "category": "external", "summary": "2073896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073896" }, { "category": "external", "summary": "2073899", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073899" }, { "category": "external", "summary": "2082548", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082548" }, { "category": "external", "summary": "2092732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092732" }, { "category": "external", "summary": "2092733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092733" }, { "category": "external", "summary": "2092734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092734" }, { "category": "external", "summary": "2092735", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092735" }, { "category": "external", "summary": "2092736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092736" }, { "category": "external", "summary": "2099334", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099334" }, { "category": "external", "summary": "2104787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104787" }, { "category": "external", "summary": "2104789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104789" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7704.json" } ], "title": "Red Hat Security Advisory: webkit2gtk3 security and bug fix update", "tracking": { "current_release_date": "2024-11-22T19:06:55+00:00", "generator": { "date": "2024-11-22T19:06:55+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:7704", "initial_release_date": "2022-11-08T09:56:52+00:00", "revision_history": [ { "date": "2022-11-08T09:56:52+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-08T09:56:52+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T19:06:55+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos" } } }, { "category": "product_name", "name": "Red Hat CodeReady Linux Builder (v. 8)", "product": { "name": "Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::crb" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "glib2-0:2.56.4-159.el8.src", "product": { "name": "glib2-0:2.56.4-159.el8.src", "product_id": "glib2-0:2.56.4-159.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2@2.56.4-159.el8?arch=src" } } }, { "category": "product_version", "name": "webkit2gtk3-0:2.36.7-1.el8.src", "product": { "name": "webkit2gtk3-0:2.36.7-1.el8.src", "product_id": "webkit2gtk3-0:2.36.7-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "glib2-0:2.56.4-159.el8.aarch64", "product": { "name": "glib2-0:2.56.4-159.el8.aarch64", "product_id": "glib2-0:2.56.4-159.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2@2.56.4-159.el8?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-devel-0:2.56.4-159.el8.aarch64", "product": { "name": "glib2-devel-0:2.56.4-159.el8.aarch64", "product_id": "glib2-devel-0:2.56.4-159.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel@2.56.4-159.el8?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-fam-0:2.56.4-159.el8.aarch64", "product": { "name": "glib2-fam-0:2.56.4-159.el8.aarch64", "product_id": "glib2-fam-0:2.56.4-159.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-fam@2.56.4-159.el8?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-tests-0:2.56.4-159.el8.aarch64", "product": { "name": "glib2-tests-0:2.56.4-159.el8.aarch64", "product_id": "glib2-tests-0:2.56.4-159.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests@2.56.4-159.el8?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-debugsource-0:2.56.4-159.el8.aarch64", "product": { "name": "glib2-debugsource-0:2.56.4-159.el8.aarch64", "product_id": "glib2-debugsource-0:2.56.4-159.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debugsource@2.56.4-159.el8?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-debuginfo-0:2.56.4-159.el8.aarch64", "product": { "name": "glib2-debuginfo-0:2.56.4-159.el8.aarch64", "product_id": "glib2-debuginfo-0:2.56.4-159.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debuginfo@2.56.4-159.el8?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "product": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "product_id": "glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel-debuginfo@2.56.4-159.el8?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "product": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "product_id": "glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-fam-debuginfo@2.56.4-159.el8?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "product": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "product_id": "glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests-debuginfo@2.56.4-159.el8?arch=aarch64" } } }, { "category": "product_version", "name": "glib2-static-0:2.56.4-159.el8.aarch64", "product": { "name": "glib2-static-0:2.56.4-159.el8.aarch64", "product_id": "glib2-static-0:2.56.4-159.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-static@2.56.4-159.el8?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-0:2.36.7-1.el8.aarch64", "product": { "name": "webkit2gtk3-0:2.36.7-1.el8.aarch64", "product_id": "webkit2gtk3-0:2.36.7-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "product": { "name": "webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "product_id": "webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "product": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "product_id": "webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "product": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "product": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "product": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "product": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "product": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el8?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "product": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "glib2-0:2.56.4-159.el8.ppc64le", "product": { "name": "glib2-0:2.56.4-159.el8.ppc64le", "product_id": "glib2-0:2.56.4-159.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2@2.56.4-159.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-devel-0:2.56.4-159.el8.ppc64le", "product": { "name": "glib2-devel-0:2.56.4-159.el8.ppc64le", "product_id": "glib2-devel-0:2.56.4-159.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel@2.56.4-159.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-fam-0:2.56.4-159.el8.ppc64le", "product": { "name": "glib2-fam-0:2.56.4-159.el8.ppc64le", "product_id": "glib2-fam-0:2.56.4-159.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-fam@2.56.4-159.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-tests-0:2.56.4-159.el8.ppc64le", "product": { "name": "glib2-tests-0:2.56.4-159.el8.ppc64le", "product_id": "glib2-tests-0:2.56.4-159.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests@2.56.4-159.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-debugsource-0:2.56.4-159.el8.ppc64le", "product": { "name": "glib2-debugsource-0:2.56.4-159.el8.ppc64le", "product_id": "glib2-debugsource-0:2.56.4-159.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debugsource@2.56.4-159.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "product": { "name": "glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "product_id": "glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debuginfo@2.56.4-159.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "product": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "product_id": "glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel-debuginfo@2.56.4-159.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "product": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "product_id": "glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-fam-debuginfo@2.56.4-159.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "product": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "product_id": "glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests-debuginfo@2.56.4-159.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "glib2-static-0:2.56.4-159.el8.ppc64le", "product": { "name": "glib2-static-0:2.56.4-159.el8.ppc64le", "product_id": "glib2-static-0:2.56.4-159.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-static@2.56.4-159.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-0:2.36.7-1.el8.ppc64le", "product": { "name": "webkit2gtk3-0:2.36.7-1.el8.ppc64le", "product_id": "webkit2gtk3-0:2.36.7-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "product": { "name": "webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "product_id": "webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "product": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "product_id": "webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "product": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "product": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "product": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "product": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "product": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "product": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "glib2-0:2.56.4-159.el8.i686", "product": { "name": "glib2-0:2.56.4-159.el8.i686", "product_id": "glib2-0:2.56.4-159.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2@2.56.4-159.el8?arch=i686" } } }, { "category": "product_version", "name": "glib2-devel-0:2.56.4-159.el8.i686", "product": { "name": "glib2-devel-0:2.56.4-159.el8.i686", "product_id": "glib2-devel-0:2.56.4-159.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel@2.56.4-159.el8?arch=i686" } } }, { "category": "product_version", "name": "glib2-debugsource-0:2.56.4-159.el8.i686", "product": { "name": "glib2-debugsource-0:2.56.4-159.el8.i686", "product_id": "glib2-debugsource-0:2.56.4-159.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debugsource@2.56.4-159.el8?arch=i686" } } }, { "category": "product_version", "name": "glib2-debuginfo-0:2.56.4-159.el8.i686", "product": { "name": "glib2-debuginfo-0:2.56.4-159.el8.i686", "product_id": "glib2-debuginfo-0:2.56.4-159.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debuginfo@2.56.4-159.el8?arch=i686" } } }, { "category": "product_version", "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "product": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "product_id": "glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel-debuginfo@2.56.4-159.el8?arch=i686" } } }, { "category": "product_version", "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "product": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "product_id": "glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-fam-debuginfo@2.56.4-159.el8?arch=i686" } } }, { "category": "product_version", "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "product": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "product_id": "glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests-debuginfo@2.56.4-159.el8?arch=i686" } } }, { "category": "product_version", "name": "glib2-static-0:2.56.4-159.el8.i686", "product": { "name": "glib2-static-0:2.56.4-159.el8.i686", "product_id": "glib2-static-0:2.56.4-159.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-static@2.56.4-159.el8?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-0:2.36.7-1.el8.i686", "product": { "name": "webkit2gtk3-0:2.36.7-1.el8.i686", "product_id": "webkit2gtk3-0:2.36.7-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el8?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.36.7-1.el8.i686", "product": { "name": "webkit2gtk3-devel-0:2.36.7-1.el8.i686", "product_id": "webkit2gtk3-devel-0:2.36.7-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el8?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "product": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "product_id": "webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el8?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "product": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el8?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "product": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el8?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "product": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el8?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "product": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el8?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "product": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el8?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "product": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el8?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "glib2-0:2.56.4-159.el8.x86_64", "product": { "name": "glib2-0:2.56.4-159.el8.x86_64", "product_id": "glib2-0:2.56.4-159.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2@2.56.4-159.el8?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-devel-0:2.56.4-159.el8.x86_64", "product": { "name": "glib2-devel-0:2.56.4-159.el8.x86_64", "product_id": "glib2-devel-0:2.56.4-159.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel@2.56.4-159.el8?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-fam-0:2.56.4-159.el8.x86_64", "product": { "name": "glib2-fam-0:2.56.4-159.el8.x86_64", "product_id": "glib2-fam-0:2.56.4-159.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-fam@2.56.4-159.el8?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-tests-0:2.56.4-159.el8.x86_64", "product": { "name": "glib2-tests-0:2.56.4-159.el8.x86_64", "product_id": "glib2-tests-0:2.56.4-159.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests@2.56.4-159.el8?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-debugsource-0:2.56.4-159.el8.x86_64", "product": { "name": "glib2-debugsource-0:2.56.4-159.el8.x86_64", "product_id": "glib2-debugsource-0:2.56.4-159.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debugsource@2.56.4-159.el8?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-debuginfo-0:2.56.4-159.el8.x86_64", "product": { "name": "glib2-debuginfo-0:2.56.4-159.el8.x86_64", "product_id": "glib2-debuginfo-0:2.56.4-159.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debuginfo@2.56.4-159.el8?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "product": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "product_id": "glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel-debuginfo@2.56.4-159.el8?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "product": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "product_id": "glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-fam-debuginfo@2.56.4-159.el8?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "product": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "product_id": "glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests-debuginfo@2.56.4-159.el8?arch=x86_64" } } }, { "category": "product_version", "name": "glib2-static-0:2.56.4-159.el8.x86_64", "product": { "name": "glib2-static-0:2.56.4-159.el8.x86_64", "product_id": "glib2-static-0:2.56.4-159.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-static@2.56.4-159.el8?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-0:2.36.7-1.el8.x86_64", "product": { "name": "webkit2gtk3-0:2.36.7-1.el8.x86_64", "product_id": "webkit2gtk3-0:2.36.7-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "product": { "name": "webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "product_id": "webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "product": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "product_id": "webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "product": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "product": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "product": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "product": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "product": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "product": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "glib2-0:2.56.4-159.el8.s390x", "product": { "name": "glib2-0:2.56.4-159.el8.s390x", "product_id": "glib2-0:2.56.4-159.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2@2.56.4-159.el8?arch=s390x" } } }, { "category": "product_version", "name": "glib2-devel-0:2.56.4-159.el8.s390x", "product": { "name": "glib2-devel-0:2.56.4-159.el8.s390x", "product_id": "glib2-devel-0:2.56.4-159.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel@2.56.4-159.el8?arch=s390x" } } }, { "category": "product_version", "name": "glib2-fam-0:2.56.4-159.el8.s390x", "product": { "name": "glib2-fam-0:2.56.4-159.el8.s390x", "product_id": "glib2-fam-0:2.56.4-159.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-fam@2.56.4-159.el8?arch=s390x" } } }, { "category": "product_version", "name": "glib2-tests-0:2.56.4-159.el8.s390x", "product": { "name": "glib2-tests-0:2.56.4-159.el8.s390x", "product_id": "glib2-tests-0:2.56.4-159.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests@2.56.4-159.el8?arch=s390x" } } }, { "category": "product_version", "name": "glib2-debugsource-0:2.56.4-159.el8.s390x", "product": { "name": "glib2-debugsource-0:2.56.4-159.el8.s390x", "product_id": "glib2-debugsource-0:2.56.4-159.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debugsource@2.56.4-159.el8?arch=s390x" } } }, { "category": "product_version", "name": "glib2-debuginfo-0:2.56.4-159.el8.s390x", "product": { "name": "glib2-debuginfo-0:2.56.4-159.el8.s390x", "product_id": "glib2-debuginfo-0:2.56.4-159.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-debuginfo@2.56.4-159.el8?arch=s390x" } } }, { "category": "product_version", "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "product": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "product_id": "glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-devel-debuginfo@2.56.4-159.el8?arch=s390x" } } }, { "category": "product_version", "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "product": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "product_id": "glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-fam-debuginfo@2.56.4-159.el8?arch=s390x" } } }, { "category": "product_version", "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "product": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "product_id": "glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-tests-debuginfo@2.56.4-159.el8?arch=s390x" } } }, { "category": "product_version", "name": "glib2-static-0:2.56.4-159.el8.s390x", "product": { "name": "glib2-static-0:2.56.4-159.el8.s390x", "product_id": "glib2-static-0:2.56.4-159.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-static@2.56.4-159.el8?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-0:2.36.7-1.el8.s390x", "product": { "name": "webkit2gtk3-0:2.36.7-1.el8.s390x", "product_id": "webkit2gtk3-0:2.36.7-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "product": { "name": "webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "product_id": "webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "product": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "product_id": "webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "product": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "product": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "product": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "product": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "product": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "product": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "glib2-doc-0:2.56.4-159.el8.noarch", "product": { "name": "glib2-doc-0:2.56.4-159.el8.noarch", "product_id": "glib2-doc-0:2.56.4-159.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glib2-doc@2.56.4-159.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.36.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64" }, "product_reference": "webkit2gtk3-0:2.36.7-1.el8.aarch64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.36.7-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686" }, "product_reference": "webkit2gtk3-0:2.36.7-1.el8.i686", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.36.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le" }, "product_reference": "webkit2gtk3-0:2.36.7-1.el8.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.36.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x" }, "product_reference": "webkit2gtk3-0:2.36.7-1.el8.s390x", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.36.7-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src" }, "product_reference": "webkit2gtk3-0:2.36.7-1.el8.src", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.36.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64" }, "product_reference": "webkit2gtk3-0:2.36.7-1.el8.x86_64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64" }, "product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686" }, "product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le" }, "product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x" }, "product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64" }, "product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64" }, "product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686" }, "product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le" }, "product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x" }, "product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64" }, "product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.36.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64" }, "product_reference": "webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.36.7-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686" }, "product_reference": "webkit2gtk3-devel-0:2.36.7-1.el8.i686", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le" }, "product_reference": "webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.36.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x" }, "product_reference": "webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.36.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64" }, "product_reference": "webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64" }, "product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686" }, "product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le" }, "product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x" }, "product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64" }, "product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64" }, "product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686" }, "product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le" }, "product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x" }, "product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64" }, "product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64" }, "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686" }, "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le" }, "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x" }, "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64" }, "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64" }, "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686" }, "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le" }, "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x" }, "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" }, "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "relates_to_product_reference": "AppStream-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.56.4-159.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.56.4-159.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-0:2.56.4-159.el8.i686", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.56.4-159.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.56.4-159.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.56.4-159.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src" }, "product_reference": "glib2-0:2.56.4-159.el8.src", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.56.4-159.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.56.4-159.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-debuginfo-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.56.4-159.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-debuginfo-0:2.56.4-159.el8.i686", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.56.4-159.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.56.4-159.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-debuginfo-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.56.4-159.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-debuginfo-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.56.4-159.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-debugsource-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.56.4-159.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-debugsource-0:2.56.4-159.el8.i686", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.56.4-159.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-debugsource-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.56.4-159.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-debugsource-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.56.4-159.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-debugsource-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.56.4-159.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-devel-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.56.4-159.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-devel-0:2.56.4-159.el8.i686", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.56.4-159.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-devel-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.56.4-159.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-devel-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.56.4-159.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-devel-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-doc-0:2.56.4-159.el8.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch" }, "product_reference": "glib2-doc-0:2.56.4-159.el8.noarch", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-0:2.56.4-159.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-fam-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-0:2.56.4-159.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-fam-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-0:2.56.4-159.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-fam-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-0:2.56.4-159.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-fam-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.56.4-159.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-static-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.56.4-159.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-static-0:2.56.4-159.el8.i686", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.56.4-159.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-static-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.56.4-159.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-static-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.56.4-159.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-static-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.56.4-159.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-tests-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.56.4-159.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-tests-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.56.4-159.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-tests-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.56.4-159.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-tests-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "BaseOS-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.56.4-159.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.56.4-159.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-0:2.56.4-159.el8.i686", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.56.4-159.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.56.4-159.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.56.4-159.el8.src as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src" }, "product_reference": "glib2-0:2.56.4-159.el8.src", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-0:2.56.4-159.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.56.4-159.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-debuginfo-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.56.4-159.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-debuginfo-0:2.56.4-159.el8.i686", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.56.4-159.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.56.4-159.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-debuginfo-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debuginfo-0:2.56.4-159.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-debuginfo-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.56.4-159.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-debugsource-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.56.4-159.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-debugsource-0:2.56.4-159.el8.i686", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.56.4-159.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-debugsource-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.56.4-159.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-debugsource-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-debugsource-0:2.56.4-159.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-debugsource-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.56.4-159.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-devel-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.56.4-159.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-devel-0:2.56.4-159.el8.i686", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.56.4-159.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-devel-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.56.4-159.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-devel-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-0:2.56.4-159.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-devel-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-doc-0:2.56.4-159.el8.noarch as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch" }, "product_reference": "glib2-doc-0:2.56.4-159.el8.noarch", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-0:2.56.4-159.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-fam-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-0:2.56.4-159.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-fam-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-0:2.56.4-159.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-fam-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-0:2.56.4-159.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-fam-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.56.4-159.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-static-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.56.4-159.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-static-0:2.56.4-159.el8.i686", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.56.4-159.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-static-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.56.4-159.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-static-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-static-0:2.56.4-159.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-static-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.56.4-159.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-tests-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.56.4-159.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-tests-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.56.4-159.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-tests-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-0:2.56.4-159.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-tests-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64" }, "product_reference": "glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686" }, "product_reference": "glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le" }, "product_reference": "glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x" }, "product_reference": "glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "relates_to_product_reference": "CRB-8.7.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)", "product_id": "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" }, "product_reference": "glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "relates_to_product_reference": "CRB-8.7.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-22624", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073893" } ], "notes": [ { "category": "description", "text": "A use-after-free issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process maliciously crafted web content, leading to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Use-after-free leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "known_not_affected": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22624" }, { "category": "external", "summary": "RHBZ#2073893", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073893" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22624", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22624" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22624", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22624" } ], "release_date": "2022-04-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Use-after-free leading to arbitrary code execution" }, { "cve": "CVE-2022-22628", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073896" } ], "notes": [ { "category": "description", "text": "A use-after-free issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process maliciously crafted web content, leading to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Use-after-free leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "known_not_affected": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22628" }, { "category": "external", "summary": "RHBZ#2073896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22628", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22628" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22628", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22628" } ], "release_date": "2022-04-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Use-after-free leading to arbitrary code execution" }, { "cve": "CVE-2022-22629", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2022-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073899" } ], "notes": [ { "category": "description", "text": "A buffer overflow vulnerability was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process maliciously crafted web content, leading to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Buffer overflow leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "known_not_affected": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22629" }, { "category": "external", "summary": "RHBZ#2073899", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073899" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22629", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22629" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22629", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22629" } ], "release_date": "2022-04-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Buffer overflow leading to arbitrary code execution" }, { "cve": "CVE-2022-22662", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2022-07-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2104787" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in WebKitGTK, where an issue occurs due to improper cookie management. This flaw allows a remote attacker to trick the victim into parsing maliciously crafted web content, triggering the vulnerability and gaining access to potentially sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Cookie management issue leading to sensitive user information disclosure", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 6, 7, 8, and 9 are affected because the code-base is affected by this vulnerability.\n\nSince Red Hat Enterprise Linux 6 and 7 are Out-of-Support-Scope for Low/Moderate flaws, the issue is not currently planned to be addressed in future updates for RHEL-6,7. Only Important and Critical severity flaws will be addressed at this time.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "known_not_affected": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22662" }, { "category": "external", "summary": "RHBZ#2104787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104787" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22662", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22662" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22662", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22662" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0006.html", "url": "https://webkitgtk.org/security/WSA-2022-0006.html" } ], "release_date": "2022-07-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Cookie management issue leading to sensitive user information disclosure" }, { "cve": "CVE-2022-26700", "cwe": { "id": "CWE-1173", "name": "Improper Use of Validation Framework" }, "discovery_date": "2022-06-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092732" } ], "notes": [ { "category": "description", "text": "A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to memory corruption. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Memory corruption issue leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "known_not_affected": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26700" }, { "category": "external", "summary": "RHBZ#2092732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092732" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26700", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26700" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26700", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26700" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0005.html", "url": "https://webkitgtk.org/security/WSA-2022-0005.html" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Memory corruption issue leading to arbitrary code execution" }, { "cve": "CVE-2022-26709", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-06-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092733" } ], "notes": [ { "category": "description", "text": "A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to a use-after-free vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Use-after-free leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "known_not_affected": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26709" }, { "category": "external", "summary": "RHBZ#2092733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092733" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26709", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26709" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26709", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26709" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0005.html", "url": "https://webkitgtk.org/security/WSA-2022-0005.html" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Use-after-free leading to arbitrary code execution" }, { "cve": "CVE-2022-26710", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-07-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2104789" } ], "notes": [ { "category": "description", "text": "A use-after-free vulnerability was found in WebKitGTK. The flaw occurs when processing maliciously crafted HTML content in WebKit. This flaw allows a remote attacker to trick the victim into visiting a specially crafted website, triggering memory corruption and executing arbitrary code on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Use-after-free leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 6, 7, 8, and 9 are affected because the code-base is affected by this vulnerability.\n\nSince Red Hat Enterprise Linux 6 and 7 are Out-of-Support-Scope for Low/Moderate flaws, the issue is not currently planned to be addressed in future updates for RHEL-6,7. Only Important and Critical severity flaws will be addressed at this time.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "known_not_affected": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26710" }, { "category": "external", "summary": "RHBZ#2104789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26710", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26710" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0006.html", "url": "https://webkitgtk.org/security/WSA-2022-0006.html" } ], "release_date": "2022-07-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Use-after-free leading to arbitrary code execution" }, { "cve": "CVE-2022-26716", "cwe": { "id": "CWE-1173", "name": "Improper Use of Validation Framework" }, "discovery_date": "2022-06-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092734" } ], "notes": [ { "category": "description", "text": "A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Memory corruption issue leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "known_not_affected": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26716" }, { "category": "external", "summary": "RHBZ#2092734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092734" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26716", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26716" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26716", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26716" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0005.html", "url": "https://webkitgtk.org/security/WSA-2022-0005.html" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Memory corruption issue leading to arbitrary code execution" }, { "cve": "CVE-2022-26717", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-06-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092735" } ], "notes": [ { "category": "description", "text": "A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to a use-after-free vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Use-after-free leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "known_not_affected": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26717" }, { "category": "external", "summary": "RHBZ#2092735", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092735" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26717", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26717" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0005.html", "url": "https://webkitgtk.org/security/WSA-2022-0005.html" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Use-after-free leading to arbitrary code execution" }, { "cve": "CVE-2022-26719", "cwe": { "id": "CWE-1173", "name": "Improper Use of Validation Framework" }, "discovery_date": "2022-06-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092736" } ], "notes": [ { "category": "description", "text": "A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to memory corruption. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Memory corruption issue leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "known_not_affected": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26719" }, { "category": "external", "summary": "RHBZ#2092736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092736" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26719", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26719" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0005.html", "url": "https://webkitgtk.org/security/WSA-2022-0005.html" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Memory corruption issue leading to arbitrary code execution" }, { "cve": "CVE-2022-30293", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-05-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2082548" } ], "notes": [ { "category": "description", "text": "A heap buffer overflow vulnerability was found in WebKitGTK. The vulnerability occurs when processing or rendering HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, triggering a heap buffer overflow error and leading to the execution of arbitrary code on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "known_not_affected": [ "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30293" }, { "category": "external", "summary": "RHBZ#2082548", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082548" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30293", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30293" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30293", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30293" } ], "release_date": "2022-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution" }, { "cve": "CVE-2022-32792", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2023-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2238973" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in webkit. This issue occurs when processing maliciously crafted web content which may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32792" }, { "category": "external", "summary": "RHBZ#2238973", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238973" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32792", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32792" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32792", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32792" }, { "category": "external", "summary": "https://wpewebkit.org/security/WSA-2022-0007.html", "url": "https://wpewebkit.org/security/WSA-2022-0007.html" } ], "release_date": "2022-07-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution" }, { "cve": "CVE-2022-32816", "discovery_date": "2023-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2238975" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in webkit. This issue occurs when visiting a website that frames malicious content, which may lead to UI spoofing.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: malicious content may lead to UI spoofing", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32816" }, { "category": "external", "summary": "RHBZ#2238975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238975" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32816", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32816" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32816", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32816" }, { "category": "external", "summary": "https://wpewebkit.org/security/WSA-2022-0007.html", "url": "https://wpewebkit.org/security/WSA-2022-0007.html" } ], "release_date": "2022-07-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: malicious content may lead to UI spoofing" }, { "cve": "CVE-2022-32891", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2022-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2128647" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in webkitgtk, where an issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: UI spoofing while Visiting a website that frames malicious content", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32891" }, { "category": "external", "summary": "RHBZ#2128647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32891", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32891" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32891", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32891" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0009.html", "url": "https://webkitgtk.org/security/WSA-2022-0009.html" } ], "release_date": "2022-09-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-08T09:56:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.src", "AppStream-8.7.0.GA:webkit2gtk3-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el8.x86_64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.aarch64", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.i686", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.ppc64le", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.s390x", "AppStream-8.7.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el8.x86_64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "BaseOS-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "BaseOS-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.src", "CRB-8.7.0.GA:glib2-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-debugsource-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-devel-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-doc-0:2.56.4-159.el8.noarch", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-fam-debuginfo-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-static-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-0:2.56.4-159.el8.x86_64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.aarch64", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.i686", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.ppc64le", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.s390x", "CRB-8.7.0.GA:glib2-tests-debuginfo-0:2.56.4-159.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: UI spoofing while Visiting a website that frames malicious content" } ] }
rhsa-2022_8054
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)\n\n* webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)\n\n* webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)\n\n* webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:8054", "url": "https://access.redhat.com/errata/RHSA-2022:8054" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index" }, { "category": "external", "summary": "2061996", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061996" }, { "category": "external", "summary": "2073893", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073893" }, { "category": "external", "summary": "2073896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073896" }, { "category": "external", "summary": "2073899", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073899" }, { "category": "external", "summary": "2082548", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082548" }, { "category": "external", "summary": "2092732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092732" }, { "category": "external", "summary": "2092733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092733" }, { "category": "external", "summary": "2092734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092734" }, { "category": "external", "summary": "2092735", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092735" }, { "category": "external", "summary": "2092736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092736" }, { "category": "external", "summary": "2104787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104787" }, { "category": "external", "summary": "2104789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104789" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8054.json" } ], "title": "Red Hat Security Advisory: webkit2gtk3 security and bug fix update", "tracking": { "current_release_date": "2024-11-22T19:07:05+00:00", "generator": { "date": "2024-11-22T19:07:05+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:8054", "initial_release_date": "2022-11-15T13:26:22+00:00", "revision_history": [ { "date": "2022-11-15T13:26:22+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-15T13:26:22+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T19:07:05+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "webkit2gtk3-0:2.36.7-1.el9.src", "product": { "name": "webkit2gtk3-0:2.36.7-1.el9.src", "product_id": "webkit2gtk3-0:2.36.7-1.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "webkit2gtk3-0:2.36.7-1.el9.aarch64", "product": { "name": "webkit2gtk3-0:2.36.7-1.el9.aarch64", "product_id": "webkit2gtk3-0:2.36.7-1.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el9?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "product": { "name": "webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "product_id": "webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el9?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "product": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "product_id": "webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el9?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "product": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el9?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "product": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el9?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "product": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el9?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "product": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el9?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "product": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el9?arch=aarch64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "product": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el9?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "webkit2gtk3-0:2.36.7-1.el9.ppc64le", "product": { "name": "webkit2gtk3-0:2.36.7-1.el9.ppc64le", "product_id": "webkit2gtk3-0:2.36.7-1.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el9?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "product": { "name": "webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "product_id": "webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el9?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "product": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "product_id": "webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el9?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "product": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el9?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "product": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el9?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "product": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el9?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "product": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el9?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "product": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el9?arch=ppc64le" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "product": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el9?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "webkit2gtk3-0:2.36.7-1.el9.i686", "product": { "name": "webkit2gtk3-0:2.36.7-1.el9.i686", "product_id": "webkit2gtk3-0:2.36.7-1.el9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el9?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.36.7-1.el9.i686", "product": { "name": "webkit2gtk3-devel-0:2.36.7-1.el9.i686", "product_id": "webkit2gtk3-devel-0:2.36.7-1.el9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el9?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "product": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "product_id": "webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el9?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "product": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el9?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "product": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el9?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "product": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el9?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "product": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el9?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "product": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el9?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "product": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el9?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "webkit2gtk3-0:2.36.7-1.el9.x86_64", "product": { "name": "webkit2gtk3-0:2.36.7-1.el9.x86_64", "product_id": "webkit2gtk3-0:2.36.7-1.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el9?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "product": { "name": "webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "product_id": "webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el9?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "product": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "product_id": "webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el9?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "product": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el9?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "product": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el9?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "product": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el9?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "product": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el9?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "product": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el9?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64", "product": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64", "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "webkit2gtk3-0:2.36.7-1.el9.s390x", "product": { "name": "webkit2gtk3-0:2.36.7-1.el9.s390x", "product_id": "webkit2gtk3-0:2.36.7-1.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3@2.36.7-1.el9?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "product": { "name": "webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "product_id": "webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.36.7-1.el9?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "product": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "product_id": "webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.36.7-1.el9?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "product": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "product_id": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.36.7-1.el9?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "product": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "product_id": "webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.36.7-1.el9?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "product": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "product_id": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.36.7-1.el9?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "product": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "product_id": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.36.7-1.el9?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "product": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "product_id": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.36.7-1.el9?arch=s390x" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "product": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.36.7-1.el9?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.36.7-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64" }, "product_reference": "webkit2gtk3-0:2.36.7-1.el9.aarch64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.36.7-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686" }, "product_reference": "webkit2gtk3-0:2.36.7-1.el9.i686", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.36.7-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le" }, "product_reference": "webkit2gtk3-0:2.36.7-1.el9.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.36.7-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x" }, "product_reference": "webkit2gtk3-0:2.36.7-1.el9.s390x", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.36.7-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src" }, "product_reference": "webkit2gtk3-0:2.36.7-1.el9.src", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.36.7-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64" }, "product_reference": "webkit2gtk3-0:2.36.7-1.el9.x86_64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64" }, "product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686" }, "product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le" }, "product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x" }, "product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64" }, "product_reference": "webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64" }, "product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686" }, "product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le" }, "product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x" }, "product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64" }, "product_reference": "webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.36.7-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64" }, "product_reference": "webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.36.7-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686" }, "product_reference": "webkit2gtk3-devel-0:2.36.7-1.el9.i686", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le" }, "product_reference": "webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.36.7-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x" }, "product_reference": "webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.36.7-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64" }, "product_reference": "webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64" }, "product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686" }, "product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le" }, "product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x" }, "product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64" }, "product_reference": "webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64" }, "product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686" }, "product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le" }, "product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x" }, "product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64" }, "product_reference": "webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64" }, "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686" }, "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le" }, "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x" }, "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64" }, "product_reference": "webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64" }, "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686" }, "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le" }, "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x" }, "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "relates_to_product_reference": "AppStream-9.1.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" }, "product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64", "relates_to_product_reference": "AppStream-9.1.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-22624", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073893" } ], "notes": [ { "category": "description", "text": "A use-after-free issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process maliciously crafted web content, leading to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Use-after-free leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22624" }, { "category": "external", "summary": "RHBZ#2073893", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073893" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22624", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22624" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22624", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22624" } ], "release_date": "2022-04-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Use-after-free leading to arbitrary code execution" }, { "cve": "CVE-2022-22628", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073896" } ], "notes": [ { "category": "description", "text": "A use-after-free issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process maliciously crafted web content, leading to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Use-after-free leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22628" }, { "category": "external", "summary": "RHBZ#2073896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22628", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22628" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22628", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22628" } ], "release_date": "2022-04-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Use-after-free leading to arbitrary code execution" }, { "cve": "CVE-2022-22629", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073899" } ], "notes": [ { "category": "description", "text": "A buffer overflow vulnerability was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process maliciously crafted web content, leading to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Buffer overflow leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22629" }, { "category": "external", "summary": "RHBZ#2073899", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073899" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22629", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22629" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22629", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22629" } ], "release_date": "2022-04-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Buffer overflow leading to arbitrary code execution" }, { "cve": "CVE-2022-22662", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2104787" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in WebKitGTK, where an issue occurs due to improper cookie management. This flaw allows a remote attacker to trick the victim into parsing maliciously crafted web content, triggering the vulnerability and gaining access to potentially sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Cookie management issue leading to sensitive user information disclosure", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 6, 7, 8, and 9 are affected because the code-base is affected by this vulnerability.\n\nSince Red Hat Enterprise Linux 6 and 7 are Out-of-Support-Scope for Low/Moderate flaws, the issue is not currently planned to be addressed in future updates for RHEL-6,7. Only Important and Critical severity flaws will be addressed at this time.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22662" }, { "category": "external", "summary": "RHBZ#2104787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104787" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22662", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22662" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22662", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22662" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0006.html", "url": "https://webkitgtk.org/security/WSA-2022-0006.html" } ], "release_date": "2022-07-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Cookie management issue leading to sensitive user information disclosure" }, { "cve": "CVE-2022-26700", "cwe": { "id": "CWE-1173", "name": "Improper Use of Validation Framework" }, "discovery_date": "2022-06-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092732" } ], "notes": [ { "category": "description", "text": "A flaw was found in webkitgtk. The vulnerability occurs due to improper input validation, leading to memory corruption. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Memory corruption issue leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26700" }, { "category": "external", "summary": "RHBZ#2092732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092732" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26700", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26700" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26700", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26700" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0005.html", "url": "https://webkitgtk.org/security/WSA-2022-0005.html" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Memory corruption issue leading to arbitrary code execution" }, { "cve": "CVE-2022-26709", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-06-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092733" } ], "notes": [ { "category": "description", "text": "A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to a use-after-free vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Use-after-free leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26709" }, { "category": "external", "summary": "RHBZ#2092733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092733" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26709", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26709" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26709", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26709" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0005.html", "url": "https://webkitgtk.org/security/WSA-2022-0005.html" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Use-after-free leading to arbitrary code execution" }, { "cve": "CVE-2022-26710", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2104789" } ], "notes": [ { "category": "description", "text": "A use-after-free vulnerability was found in WebKitGTK. The flaw occurs when processing maliciously crafted HTML content in WebKit. This flaw allows a remote attacker to trick the victim into visiting a specially crafted website, triggering memory corruption and executing arbitrary code on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Use-after-free leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 6, 7, 8, and 9 are affected because the code-base is affected by this vulnerability.\n\nSince Red Hat Enterprise Linux 6 and 7 are Out-of-Support-Scope for Low/Moderate flaws, the issue is not currently planned to be addressed in future updates for RHEL-6,7. Only Important and Critical severity flaws will be addressed at this time.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26710" }, { "category": "external", "summary": "RHBZ#2104789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26710", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26710" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0006.html", "url": "https://webkitgtk.org/security/WSA-2022-0006.html" } ], "release_date": "2022-07-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Use-after-free leading to arbitrary code execution" }, { "cve": "CVE-2022-26716", "cwe": { "id": "CWE-1173", "name": "Improper Use of Validation Framework" }, "discovery_date": "2022-06-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092734" } ], "notes": [ { "category": "description", "text": "A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to a memory corruption vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Memory corruption issue leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26716" }, { "category": "external", "summary": "RHBZ#2092734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092734" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26716", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26716" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26716", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26716" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0005.html", "url": "https://webkitgtk.org/security/WSA-2022-0005.html" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Memory corruption issue leading to arbitrary code execution" }, { "cve": "CVE-2022-26717", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-06-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092735" } ], "notes": [ { "category": "description", "text": "A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to a use-after-free vulnerability. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Use-after-free leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26717" }, { "category": "external", "summary": "RHBZ#2092735", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092735" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26717", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26717" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0005.html", "url": "https://webkitgtk.org/security/WSA-2022-0005.html" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Use-after-free leading to arbitrary code execution" }, { "cve": "CVE-2022-26719", "cwe": { "id": "CWE-1173", "name": "Improper Use of Validation Framework" }, "discovery_date": "2022-06-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092736" } ], "notes": [ { "category": "description", "text": "A flaw was found in webkitgtk. Due to improper input validation, the issue occurs, leading to memory corruption. This flaw allows an attacker with network access to pass specially crafted web content files, causing an application to halt, crash, or arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Memory corruption issue leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26719" }, { "category": "external", "summary": "RHBZ#2092736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092736" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26719", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26719" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0005.html", "url": "https://webkitgtk.org/security/WSA-2022-0005.html" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Memory corruption issue leading to arbitrary code execution" }, { "cve": "CVE-2022-30293", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2082548" } ], "notes": [ { "category": "description", "text": "A heap buffer overflow vulnerability was found in WebKitGTK. The vulnerability occurs when processing or rendering HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, triggering a heap buffer overflow error and leading to the execution of arbitrary code on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30293" }, { "category": "external", "summary": "RHBZ#2082548", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082548" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30293", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30293" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30293", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30293" } ], "release_date": "2022-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution" }, { "cve": "CVE-2022-32792", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2023-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2238973" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in webkit. This issue occurs when processing maliciously crafted web content which may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32792" }, { "category": "external", "summary": "RHBZ#2238973", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238973" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32792", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32792" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32792", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32792" }, { "category": "external", "summary": "https://wpewebkit.org/security/WSA-2022-0007.html", "url": "https://wpewebkit.org/security/WSA-2022-0007.html" } ], "release_date": "2022-07-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution" }, { "cve": "CVE-2022-32816", "discovery_date": "2023-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2238975" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in webkit. This issue occurs when visiting a website that frames malicious content, which may lead to UI spoofing.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: malicious content may lead to UI spoofing", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32816" }, { "category": "external", "summary": "RHBZ#2238975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238975" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32816", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32816" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32816", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32816" }, { "category": "external", "summary": "https://wpewebkit.org/security/WSA-2022-0007.html", "url": "https://wpewebkit.org/security/WSA-2022-0007.html" } ], "release_date": "2022-07-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: malicious content may lead to UI spoofing" }, { "cve": "CVE-2022-32891", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2022-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2128647" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in webkitgtk, where an issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing.", "title": "Vulnerability description" }, { "category": "summary", "text": "webkitgtk: UI spoofing while Visiting a website that frames malicious content", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32891" }, { "category": "external", "summary": "RHBZ#2128647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32891", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32891" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32891", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32891" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2022-0009.html", "url": "https://webkitgtk.org/security/WSA-2022-0009.html" } ], "release_date": "2022-09-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-15T13:26:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8054" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.src", "AppStream-9.1.0.GA:webkit2gtk3-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-debugsource-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-devel-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-debuginfo-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-0:2.36.7-1.el9.x86_64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.aarch64", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.i686", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.ppc64le", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.s390x", "AppStream-9.1.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.36.7-1.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webkitgtk: UI spoofing while Visiting a website that frames malicious content" } ] }
gsd-2022-22629
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2022-22629", "description": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.", "id": "GSD-2022-22629", "references": [ "https://www.debian.org/security/2022/dsa-5115", "https://www.debian.org/security/2022/dsa-5116", "https://advisories.mageia.org/CVE-2022-22629.html", "https://www.suse.com/security/cve/CVE-2022-22629.html", "https://ubuntu.com/security/CVE-2022-22629", "https://security.archlinux.org/CVE-2022-22629", "https://access.redhat.com/errata/RHSA-2022:7704", "https://access.redhat.com/errata/RHSA-2022:8054" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-22629" ], "details": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.", "id": "GSD-2022-22629", "modified": "2023-12-13T01:19:28.850330Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-22629", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Safari", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.4" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.4" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.3" } ] } }, { "product_name": "tvOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "15.4" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "8.5" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.12" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.12" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213182", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213182" }, { "name": "https://support.apple.com/en-us/HT213193", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213193" }, { "name": "https://support.apple.com/en-us/HT213183", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213183" }, { "name": "https://support.apple.com/en-us/HT213186", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213186" }, { "name": "https://support.apple.com/en-us/HT213188", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213188" }, { "name": "https://support.apple.com/en-us/HT213187", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213187" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "12.12.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.4", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-22629" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213188", "refsource": "MISC", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT213188" }, { "name": "https://support.apple.com/en-us/HT213186", "refsource": "MISC", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT213186" }, { "name": "https://support.apple.com/en-us/HT213187", "refsource": "MISC", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT213187" }, { "name": "https://support.apple.com/en-us/HT213182", "refsource": "MISC", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT213182" }, { "name": "https://support.apple.com/en-us/HT213193", "refsource": "MISC", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT213193" }, { "name": "https://support.apple.com/en-us/HT213183", "refsource": "MISC", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT213183" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2022-09-27T04:48Z", "publishedDate": "2022-09-23T20:15Z" } } }
var-202203-0145
Vulnerability from variot
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the WebGLMultiDraw component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-3 tvOS 15.4
tvOS 15.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213186.
AppleAVD Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory corruption issue was addressed with improved validation. CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.
AVEVideoEncoder Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-22634: an anonymous researcher
AVEVideoEncoder Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22635: an anonymous researcher
AVEVideoEncoder Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22636: an anonymous researcher
ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
IOGPUFamily Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: Apple TV 4K and Apple TV HD Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
MediaRemote Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to identify what other applications a user has installed Description: An access issue was addressed with improved access restrictions. CVE-2022-22670: Brandon Azad
Preferences Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
Sandbox Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
UIKit Available for: Apple TV 4K and Apple TV HD Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Apple TV 4K and Apple TV HD Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Additional recognition
Bluetooth We would like to acknowledge an anonymous researcher for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIvyxIACgkQeC9qKD1p rhhDUg//VwUVUUj92pmEmjbj52uKnb1RZohn9dfkA9bESMzRy7wFwMUN973V2SPw T6JpgCab0ZVNxBIfEXJq7wbi2Io08N0UMCE5GPNV0QL79x6ZmYwZREZwdHghrHGh ggQtmYSZPipKLhvVOyXF7PamqHonnibbvfC/iWJSySnmPxQoHG7DoCzrX0wOnVBw dkHEstKVo3eo2/OG/mGhYZw/g8EIAIDQbgP4XTD/m3hRnXbRMFff+7PgaE8cZzdY 45q8ExwqNOTdFoeqsKNmPBIzZJau9fWlekUlGpPXC1ASsiXmiptwvy07RbNLZ1N2 j2lFcLj7Ikzwiwsd7MBIFAMP0OWrT4Ds6YWdcgNX2iBkNoheqqt7AP4kOUnDP28Z VXUriTbra9oPM0ctbZTBrmj7xiYjLbMJ4GRu2kIyGyTG9Wu9xEa3KH5Po1OR1Pxg zG4gXdRIE241E26uee648uIFHhxRcgSdygXANnzkFv5/YslqQdccRD1F6FrJwqgn V+ZFZ17zUhGW37F6Dmnd9LIo9GuiLl14qr1qfUoaQ+J+il2EV1UAv780wxQOuc4I ZnvU4rEjaGmHwSh4/GDUTRFkI/fiA39WYpPkgXKN5yqHJG7AGENaROz3jnOxr/xU JlVOleG7Z6MGdLwHG1i4QaBYrzadFZM20WsEOZ2twQzTVMQUyGk=qxuS -----END PGP SIGNATURE-----
.
For the stable distribution (bullseye), these problems have been fixed in version 2.36.0-2~deb11u1.
We recommend that you upgrade your wpewebkit packages.
Bug Fix(es):
-
Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)
-
Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)
-
Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)
-
[4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)
-
Fedora version in DataImportCrons is not 'latest' (BZ#2102694)
-
[4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)
-
CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562)
-
Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)
-
Unable to start windows VMs on PSI setups (BZ#2115371)
-
[4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)
-
Mark Windows 11 as TechPreview (BZ#2129013)
-
4.11.1 rpms (BZ#2139453)
This advisory contains the following OpenShift Virtualization 4.11.1 images.
RHEL-8-CNV-4.11
virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49
- Bugs fixed (https://bugzilla.redhat.com/):
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster LOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch LOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs LOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. LOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value LOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed LOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue LOG-3310 - [release-5.5] Can't choose correct CA ConfigMap Key when creating lokistack in Console LOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config
This release includes security and bug fixes, and enhancements. Bugs fixed (https://bugzilla.redhat.com/):
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2142799 - Release of OpenShift Serverless Serving 1.26.0 2142801 - Release of OpenShift Serverless Eventing 1.26.0
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: OpenShift Virtualization 4.12.0 Images security update Advisory ID: RHSA-2023:0408-01 Product: cnv Advisory URL: https://access.redhat.com/errata/RHSA-2023:0408 Issue date: 2023-01-24 CVE Names: CVE-2015-20107 CVE-2016-3709 CVE-2020-0256 CVE-2020-35525 CVE-2020-35527 CVE-2021-0308 CVE-2021-38561 CVE-2021-44716 CVE-2021-44717 CVE-2022-0391 CVE-2022-0934 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1705 CVE-2022-1785 CVE-2022-1798 CVE-2022-1897 CVE-2022-1927 CVE-2022-1962 CVE-2022-2068 CVE-2022-2097 CVE-2022-2509 CVE-2022-3515 CVE-2022-3787 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24795 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-28131 CVE-2022-29526 CVE-2022-30293 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-30698 CVE-2022-30699 CVE-2022-32148 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-37434 CVE-2022-40674 CVE-2022-42898 ==================================================================== 1. Summary:
Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:
Security Fix(es):
-
golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
-
kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
-
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
-
golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
-
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
-
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
-
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
-
golang: syscall: faccessat checks wrong group (CVE-2022-29526)
-
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
-
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
-
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
-
golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
-
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
-
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
-
golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHEL-8-CNV-4.12
============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89
- Solution:
Before applying this update, you must apply all previously released errata relevant to your system.
To apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2040377 - Unable to delete failed VMIM after VM deleted
2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2060499 - [RFE] Cannot add additional service (or other objects) to VM template
2069098 - Large scale |VMs migration is slow due to low migration parallelism
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2071491 - Storage Throughput metrics are incorrect in Overview
2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
2086551 - Min CPU feature found in labels
2087724 - Default template show no boot source even there are auto-upload boot sources
2088129 - [SSP] webhook does not comply with restricted security context
2088464 - [CDI] cdi-deployment does not comply with restricted security context
2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
2089744 - HCO should label its control plane namespace to admit pods at privileged security level
2089751 - 4.12.0 containers
2089804 - 4.12.0 rpms
2091856 - ?Edit BootSource? action should have more explicit information when disabled
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
2093771 - The disk source should be PVC if the template has no auto-update boot source
2093996 - kubectl get vmi API should always return primary interface if exist
2094202 - Cloud-init username field should have hint
2096285 - KubeVirt CR API documentation is missing docs for many fields
2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
2097436 - Online disk expansion ignores filesystem overhead change
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2099556 - [RFE] Add option to enable RDP service for windows vm
2099573 - [RFE] Improve template's message about not editable
2099923 - [RFE] Merge "SSH access" and "SSH command" into one
2100290 - Error is not dismissed on catalog review page
2100436 - VM list filtering ignores VMs in error-states
2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2100629 - Update nested support KBASE article
2100679 - The number of hardware devices is not correct in vm overview tab
2100682 - All hardware devices get deleted while just delete one
2100684 - Workload profile are not editable during creation and after creation
2101144 - VM filter has two "Other" checkboxes which are triggered together
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101167 - Edit buttons clickable area is too large.
2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2101423 - wrong user name on using ignition
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101445 - "Pending changes - Boot Order"
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101499 - Cannot add NIC to VM template as non-priv user
2101501 - NAME parameter in VM template has no effect.
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101667 - VMI view is not aligned with vm and tempates
2101681 - All templates are labeling "source available" in template list page
2102074 - VM Creation time on VM Overview Details card lacks string
2102125 - vm clone modal is displaying DV size instead of PVC size
2102132 - align the utilization card of single VM overview with the design
2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
2102561 - sysprep-info should link to downstream doc
2102737 - Clone a VM should lead to vm overview tab
2102740 - "Save" button on vm clone modal should be "Clone"
2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
2103807 - PVC is not named by VM name while creating vm quickly
2103817 - Workload profile values in vm details should align with template's value
2103844 - VM nic model is empty
2104331 - VM list page scroll up automatically
2104402 - VM create button is not enabled while adding multiple environment disks
2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2104424 - Enable descheduler or hide it on template's scheduling tab
2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
2104480 - Alerts in VM overview tab disappeared after a few seconds
2104785 - "Add disk" and "Disks" are on the same line
2104859 - [RFE] Add "Copy SSH command" to VM action list
2105257 - Can't set log verbosity level for virt-operator pod
2106175 - All pages are crashed after visit Virtualization -> Overview
2106963 - Cannot add configmap for windows VM
2107279 - VM Template's bootable disk can be marked as bootable
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
2108339 - datasource does not provide timestamp when updated
2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2109818 - Upstream metrics documentation is not detailed enough
2109975 - DataVolume fails to import "cirros-container-disk-demo" image
2110256 - Storage -> PVC -> upload data, does not support source reference
2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
2111240 - GiB changes to B in Template's Edit boot source reference modal
2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111328 - kubevirt plugin console crashed after visit vmi page
2111378 - VM SSH command generated by UI points at api VIP
2111744 - Cloned template should not label app.kubernetes.io/name: common-templates
2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
2112900 - button style are different
2114516 - Nothing happens after clicking on Fedora cloud image list link
2114636 - The style of displayed items are not unified on VM tabs
2114683 - VM overview tab is crashed just after the vm is created
2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12
2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
2117549 - Cannot edit cloud-init data after add ssh key
2117803 - Cannot edit ssh even vm is stopped
2117813 - Improve descriptive text of VM details while VM is off
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
2118257 - outdated doc link tolerations modal
2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
2119069 - Unable to start windows VMs on PSI setups
2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2119309 - readinessProbe in VM stays on failed
2119615 - Change the disk size causes the unit changed
2120907 - Cannot filter disks by label
2121320 - Negative values in migration metrics
2122236 - Failing to delete HCO with SSP sticking around
2122990 - VMExport should check APIGroup
2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
2124555 - View documentation link on MigrationPolicies page des not work
2124557 - MigrationPolicy description is not displayed on Details page
2124558 - Non-privileged user can start MigrationPolicy creation
2124565 - Deleted DataSource reappears in list
2124572 - First annotation can not be added to DataSource
2124582 - Filtering VMs by OS does not work
2124594 - Docker URL validation is inconsistent over application
2124597 - Wrong case in Create DataSource menu
2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile
2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state
2127787 - Expose the PVC source of the dataSource on UI
2127843 - UI crashed by selecting "Live migration network"
2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes
2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer
2128002 - Error after VM template deletion
2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards
2128872 - [4.11]Can't restore cloned VM
2128948 - Cannot create DataSource from default YAML
2128949 - Cannot create MigrationPolicy from example YAML
2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2129013 - Mark Windows 11 as TechPreview
2129234 - Service is not deleted along with the VM when the VM is created from a template with service
2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data'
2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook
2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV
2130588 - crypto-policy : Common Ciphers support by apiserver and hco
2130695 - crypto-policy : Logging Improvement and publish the source of ciphers
2130909 - Non-privileged user can start DataSource creation
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed
2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough
2131674 - Bump virtlogd memory requirement to 20Mi
2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11
2132682 - Default YAML entity name convention.
2132721 - Delete dialogs
2132744 - Description text is missing in Live Migrations section
2132746 - Background is broken in Virtualization Monitoring page
2132783 - VM can not be created from Template with edited boot source
2132793 - Edited Template BSR is not saved
2132932 - Typo in PVC size units menu
2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed
2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed
2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed
2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed
2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed
2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed
2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed
2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed
2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod
2134672 - [e2e] add data-test-id for catalog -> storage section
2134825 - Authorization for expand-spec endpoint missing
2135805 - Windows 2022 template is missing vTPM and UEFI params in spec
2136051 - Name jumping when trying to create a VM with source from catalog
2136425 - Windows 11 is detected as Windows 10
2136534 - Not possible to specify a TTL on VMExports
2137123 - VMExport: export pod is not PSA complaint
2137241 - Checkbox about delete vm disks is not loaded while deleting VM
2137243 - registery input add docker prefix twice
2137349 - "Manage source" action infinitely loading on DataImportCron details page
2137591 - Inconsistent dialog headings/titles
2137731 - Link of VM status in overview is not working
2137733 - No link for VMs in error status in "VirtualMachine statuses" card
2137736 - The column name "MigrationPolicy name" can just be "Name"
2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly
2138112 - Unsupported S3 endpoint option in Add disk modal
2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals
2138199 - Win11 and Win22 templates are not filtered properly by Template provider
2138653 - Saving Template prameters reloads the page
2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail
2138664 - VM that was created with SSH key fails to start
2139257 - Cannot add disk via "Using an existing PVC"
2139260 - Clone button is disabled while VM is running
2139293 - Non-admin user cannot load VM list page
2139296 - Non-admin cannot load MigrationPolicies page
2139299 - No auto-generated VM name while creating VM by non-admin user
2139306 - Non-admin cannot create VM via customize mode
2139479 - virtualization overview crashes for non-priv user
2139574 - VM name gets "emptyname" if click the create button quickly
2139651 - non-priv user can click create when have no permissions
2139687 - catalog shows template list for non-priv users
2139738 - [4.12]Can't restore cloned VM
2139820 - non-priv user cant reach vm details
2140117 - Provide upgrade path from 4.11.1->4.12.0
2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project
2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user
2140627 - Not able to select storageClass if there is no default storageclass defined
2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user
2140808 - Hyperv feature set to "enabled: false" prevents scheduling
2140977 - Alerts number is not correct on Virtualization overview
2140982 - The base template of cloned template is "Not available"
2140998 - Incorrect information shows in overview page per namespace
2141089 - Unable to upload boot images.
2141302 - Unhealthy states alerts and state metrics are missing
2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations
2141494 - "Start in pause mode" option is not available while creating the VM
2141654 - warning log appearing on VMs: found no SR-IOV networks
2141711 - Node column selector is redundant for non-priv user
2142468 - VM action "Stop" should not be disabled when VM in pause state
2142470 - Delete a VM or template from all projects leads to 404 error
2142511 - Enhance alerts card in overview
2142647 - Error after MigrationPolicy deletion
2142891 - VM latency checkup: Failed to create the checkup's Job
2142929 - Permission denied when try get instancestypes
2143268 - Topolvm storageProfile missing accessModes and volumeMode
2143498 - Could not load template while creating VM from catalog
2143964 - Could not load template while creating VM from catalog
2144580 - "?" icon is too big in VM Template Disk tab
2144828 - "?" icon is too big in VM Template Disk tab
2144839 - Alerts number is not correct on Virtualization overview
2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten
2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container
- References:
https://access.redhat.com/security/cve/CVE-2015-20107 https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-0256 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-0308 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0391 https://access.redhat.com/security/cve/CVE-2022-0934 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1705 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1798 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-1962 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-3787 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24795 https://access.redhat.com/security/cve/CVE-2022-25308 https://access.redhat.com/security/cve/CVE-2022-25309 https://access.redhat.com/security/cve/CVE-2022-25310 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-28131 https://access.redhat.com/security/cve/CVE-2022-29526 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30630 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-30632 https://access.redhat.com/security/cve/CVE-2022-30633 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-30698 https://access.redhat.com/security/cve/CVE-2022-30699 https://access.redhat.com/security/cve/CVE-2022-32148 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. Bugs fixed (https://bugzilla.redhat.com/):
2134876 - CVE-2022-37601 loader-utils: prototype pollution in function parseQuery in parseQuery.js 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service 2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing 2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method 2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service 2156683 - CVE-2020-36567 gin: Unsanitized input in the default logger in github.com/gin-gonic/gin 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
- JIRA issues fixed (https://issues.jboss.org/):
MTA-103 - MTA 6.0.1 Installation failed with CrashLoop Error for UI Pod MTA-106 - Implement ability for windup addon image pull policy to be configurable MTA-122 - MTA is upgrading automatically ignoring 'Manual' setting MTA-123 - MTA Becomes unusable when running bulk binary analysis MTA-127 - After upgrading MTA operator from 6.0.0 to 6.0.1 and running analysis , task pods starts failing MTA-131 - Analysis stops working after MTA upgrade from 6.0.0 to 6.0.1 MTA-36 - Can't disable a proxy if it has an invalid configuration MTA-44 - Make RWX volumes optional. MTA-49 - Uploaded a local binary when return back to the page the UI should show green bar and correct % MTA-59 - Getting error 401 if deleting many credentials quickly MTA-65 - Set windup addon image pull policy to be controlled by the global image_pull_policy parameter MTA-72 - CVE-2022-46175 mta-ui-container: json5: Prototype Pollution in JSON5 via Parse Method [mta-6] MTA-73 - CVE-2022-37601 mta-ui-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js [mta-6] MTA-74 - CVE-2020-36567 mta-windup-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-76 - CVE-2022-37603 mta-ui-container: loader-utils:Regular expression denial of service [mta-6] MTA-77 - CVE-2020-36567 mta-hub-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-80 - CVE-2021-35065 mta-ui-container: glob-parent: Regular Expression Denial of Service [mta-6] MTA-82 - CVE-2022-42920 org.jboss.windup-windup-cli-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-85 - CVE-2022-24999 mta-ui-container: express: "qs" prototype poisoning causes the hang of the node process [mta-6] MTA-88 - CVE-2020-36567 mta-admin-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-92 - CVE-2022-42920 org.jboss.windup.plugin-windup-maven-plugin-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-96 - [UI] Maven -> "Local artifact repository" textbox can be checked and has no tooltip
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.6.3 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/
Bugs addressed:
-
clusters belong to global clusterset is not selected by placement when rescheduling (BZ# 2129679)
-
RHACM 2.6.3 images (BZ# 2139085)
Security fixes:
-
CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function Security
-
CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements
-
Bugs fixed (https://bugzilla.redhat.com/):
2129679 - clusters belong to global clusterset is not selected by placement when rescheduling 2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function 2139085 - RHACM 2.6.3 images 2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements
5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0145", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "itunes", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.12.3" }, { "model": "safari", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "15.4" }, { "model": "ipados", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "15.4" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "15.4" }, { "model": "watchos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "8.5" }, { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.3" }, { "model": "tvos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "15.4" }, { "model": "macos", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "12.0.0" }, { "model": "safari", "scope": null, "trust": 0.7, "vendor": "apple", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-517" }, { "db": "NVD", "id": "CVE-2022-22629" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.3", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "12.12.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.4", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-22629" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-22-517" } ], "trust": 0.7 }, "cve": "CVE-2022-22629", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-22629", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-22629", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2022-22629", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-517" }, { "db": "NVD", "id": "CVE-2022-22629" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the WebGLMultiDraw component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-3 tvOS 15.4\n\ntvOS 15.4 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213186. \n\nAppleAVD\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22666: Marc Schoenefeld, Dr. rer. nat. \n\nAVEVideoEncoder\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2022-22634: an anonymous researcher\n\nAVEVideoEncoder\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22635: an anonymous researcher\n\nAVEVideoEncoder\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22636: an anonymous researcher\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIOGPUFamily\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nMediaRemote\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to identify what other\napplications a user has installed\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-22670: Brandon Azad\n\nPreferences\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nSandbox\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nUIKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance\n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting \"Settings -\u003e\nSystem -\u003e Software Update -\u003e Update Software.\" To check the current\nversion of software, select \"Settings -\u003e General -\u003e About.\"\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIvyxIACgkQeC9qKD1p\nrhhDUg//VwUVUUj92pmEmjbj52uKnb1RZohn9dfkA9bESMzRy7wFwMUN973V2SPw\nT6JpgCab0ZVNxBIfEXJq7wbi2Io08N0UMCE5GPNV0QL79x6ZmYwZREZwdHghrHGh\nggQtmYSZPipKLhvVOyXF7PamqHonnibbvfC/iWJSySnmPxQoHG7DoCzrX0wOnVBw\ndkHEstKVo3eo2/OG/mGhYZw/g8EIAIDQbgP4XTD/m3hRnXbRMFff+7PgaE8cZzdY\n45q8ExwqNOTdFoeqsKNmPBIzZJau9fWlekUlGpPXC1ASsiXmiptwvy07RbNLZ1N2\nj2lFcLj7Ikzwiwsd7MBIFAMP0OWrT4Ds6YWdcgNX2iBkNoheqqt7AP4kOUnDP28Z\nVXUriTbra9oPM0ctbZTBrmj7xiYjLbMJ4GRu2kIyGyTG9Wu9xEa3KH5Po1OR1Pxg\nzG4gXdRIE241E26uee648uIFHhxRcgSdygXANnzkFv5/YslqQdccRD1F6FrJwqgn\nV+ZFZ17zUhGW37F6Dmnd9LIo9GuiLl14qr1qfUoaQ+J+il2EV1UAv780wxQOuc4I\nZnvU4rEjaGmHwSh4/GDUTRFkI/fiA39WYpPkgXKN5yqHJG7AGENaROz3jnOxr/xU\nJlVOleG7Z6MGdLwHG1i4QaBYrzadFZM20WsEOZ2twQzTVMQUyGk=qxuS\n-----END PGP SIGNATURE-----\n\n\n. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.0-2~deb11u1. \n\nWe recommend that you upgrade your wpewebkit packages. \n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes\nto endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM\n(BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to\nTMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a\nsnapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not \u0027latest\u0027 (BZ#2102694)\n\n* [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is\ndeleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile -\nroutes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to\nfile-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity\nrestricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1\nimages. \n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service\n2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster\nLOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch\nLOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn\u0027t support multiple CAs\nLOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. \nLOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value\nLOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed\nLOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue\nLOG-3310 - [release-5.5] Can\u0027t choose correct CA ConfigMap Key when creating lokistack in Console\nLOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config\n\n6. \n\nThis release includes security and bug fixes, and enhancements. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2142799 - Release of OpenShift Serverless Serving 1.26.0\n2142801 - Release of OpenShift Serverless Eventing 1.26.0\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Virtualization 4.12.0 Images security update\nAdvisory ID: RHSA-2023:0408-01\nProduct: cnv\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:0408\nIssue date: 2023-01-24\nCVE Names: CVE-2015-20107 CVE-2016-3709 CVE-2020-0256\n CVE-2020-35525 CVE-2020-35527 CVE-2021-0308\n CVE-2021-38561 CVE-2021-44716 CVE-2021-44717\n CVE-2022-0391 CVE-2022-0934 CVE-2022-1292\n CVE-2022-1304 CVE-2022-1586 CVE-2022-1705\n CVE-2022-1785 CVE-2022-1798 CVE-2022-1897\n CVE-2022-1927 CVE-2022-1962 CVE-2022-2068\n CVE-2022-2097 CVE-2022-2509 CVE-2022-3515\n CVE-2022-3787 CVE-2022-22624 CVE-2022-22628\n CVE-2022-22629 CVE-2022-22662 CVE-2022-23772\n CVE-2022-23773 CVE-2022-23806 CVE-2022-24795\n CVE-2022-25308 CVE-2022-25309 CVE-2022-25310\n CVE-2022-26700 CVE-2022-26709 CVE-2022-26710\n CVE-2022-26716 CVE-2022-26717 CVE-2022-26719\n CVE-2022-27404 CVE-2022-27405 CVE-2022-27406\n CVE-2022-28131 CVE-2022-29526 CVE-2022-30293\n CVE-2022-30629 CVE-2022-30630 CVE-2022-30631\n CVE-2022-30632 CVE-2022-30633 CVE-2022-30635\n CVE-2022-30698 CVE-2022-30699 CVE-2022-32148\n CVE-2022-32206 CVE-2022-32208 CVE-2022-34903\n CVE-2022-37434 CVE-2022-40674 CVE-2022-42898\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Virtualization release 4.12 is now available with updates\nto packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Solution:\n\nBefore applying this update, you must apply all previously released errata\nrelevant to your system. \n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-20107\nhttps://access.redhat.com/security/cve/CVE-2016-3709\nhttps://access.redhat.com/security/cve/CVE-2020-0256\nhttps://access.redhat.com/security/cve/CVE-2020-35525\nhttps://access.redhat.com/security/cve/CVE-2020-35527\nhttps://access.redhat.com/security/cve/CVE-2021-0308\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0391\nhttps://access.redhat.com/security/cve/CVE-2022-0934\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1304\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1705\nhttps://access.redhat.com/security/cve/CVE-2022-1785\nhttps://access.redhat.com/security/cve/CVE-2022-1798\nhttps://access.redhat.com/security/cve/CVE-2022-1897\nhttps://access.redhat.com/security/cve/CVE-2022-1927\nhttps://access.redhat.com/security/cve/CVE-2022-1962\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-2509\nhttps://access.redhat.com/security/cve/CVE-2022-3515\nhttps://access.redhat.com/security/cve/CVE-2022-3787\nhttps://access.redhat.com/security/cve/CVE-2022-22624\nhttps://access.redhat.com/security/cve/CVE-2022-22628\nhttps://access.redhat.com/security/cve/CVE-2022-22629\nhttps://access.redhat.com/security/cve/CVE-2022-22662\nhttps://access.redhat.com/security/cve/CVE-2022-23772\nhttps://access.redhat.com/security/cve/CVE-2022-23773\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24795\nhttps://access.redhat.com/security/cve/CVE-2022-25308\nhttps://access.redhat.com/security/cve/CVE-2022-25309\nhttps://access.redhat.com/security/cve/CVE-2022-25310\nhttps://access.redhat.com/security/cve/CVE-2022-26700\nhttps://access.redhat.com/security/cve/CVE-2022-26709\nhttps://access.redhat.com/security/cve/CVE-2022-26710\nhttps://access.redhat.com/security/cve/CVE-2022-26716\nhttps://access.redhat.com/security/cve/CVE-2022-26717\nhttps://access.redhat.com/security/cve/CVE-2022-26719\nhttps://access.redhat.com/security/cve/CVE-2022-27404\nhttps://access.redhat.com/security/cve/CVE-2022-27405\nhttps://access.redhat.com/security/cve/CVE-2022-27406\nhttps://access.redhat.com/security/cve/CVE-2022-28131\nhttps://access.redhat.com/security/cve/CVE-2022-29526\nhttps://access.redhat.com/security/cve/CVE-2022-30293\nhttps://access.redhat.com/security/cve/CVE-2022-30629\nhttps://access.redhat.com/security/cve/CVE-2022-30630\nhttps://access.redhat.com/security/cve/CVE-2022-30631\nhttps://access.redhat.com/security/cve/CVE-2022-30632\nhttps://access.redhat.com/security/cve/CVE-2022-30633\nhttps://access.redhat.com/security/cve/CVE-2022-30635\nhttps://access.redhat.com/security/cve/CVE-2022-30698\nhttps://access.redhat.com/security/cve/CVE-2022-30699\nhttps://access.redhat.com/security/cve/CVE-2022-32148\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/cve/CVE-2022-34903\nhttps://access.redhat.com/security/cve/CVE-2022-37434\nhttps://access.redhat.com/security/cve/CVE-2022-40674\nhttps://access.redhat.com/security/cve/CVE-2022-42898\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. Bugs fixed (https://bugzilla.redhat.com/):\n\n2134876 - CVE-2022-37601 loader-utils: prototype pollution in function parseQuery in parseQuery.js\n2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service\n2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing\n2150323 - CVE-2022-24999 express: \"qs\" prototype poisoning causes the hang of the node process\n2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method\n2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service\n2156683 - CVE-2020-36567 gin: Unsanitized input in the default logger in github.com/gin-gonic/gin\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nMTA-103 - MTA 6.0.1 Installation failed with CrashLoop Error for UI Pod\nMTA-106 - Implement ability for windup addon image pull policy to be configurable\nMTA-122 - MTA is upgrading automatically ignoring \u0027Manual\u0027 setting\nMTA-123 - MTA Becomes unusable when running bulk binary analysis\nMTA-127 - After upgrading MTA operator from 6.0.0 to 6.0.1 and running analysis , task pods starts failing \nMTA-131 - Analysis stops working after MTA upgrade from 6.0.0 to 6.0.1\nMTA-36 - Can\u0027t disable a proxy if it has an invalid configuration\nMTA-44 - Make RWX volumes optional. \nMTA-49 - Uploaded a local binary when return back to the page the UI should show green bar and correct %\nMTA-59 - Getting error 401 if deleting many credentials quickly\nMTA-65 - Set windup addon image pull policy to be controlled by the global image_pull_policy parameter\nMTA-72 - CVE-2022-46175 mta-ui-container: json5: Prototype Pollution in JSON5 via Parse Method [mta-6]\nMTA-73 - CVE-2022-37601 mta-ui-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js [mta-6]\nMTA-74 - CVE-2020-36567 mta-windup-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6]\nMTA-76 - CVE-2022-37603 mta-ui-container: loader-utils:Regular expression denial of service [mta-6]\nMTA-77 - CVE-2020-36567 mta-hub-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6]\nMTA-80 - CVE-2021-35065 mta-ui-container: glob-parent: Regular Expression Denial of Service [mta-6]\nMTA-82 - CVE-2022-42920 org.jboss.windup-windup-cli-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0]\nMTA-85 - CVE-2022-24999 mta-ui-container: express: \"qs\" prototype poisoning causes the hang of the node process [mta-6]\nMTA-88 - CVE-2020-36567 mta-admin-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6]\nMTA-92 - CVE-2022-42920 org.jboss.windup.plugin-windup-maven-plugin-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0]\nMTA-96 - [UI] Maven -\u003e \"Local artifact repository\" textbox can be checked and has no tooltip\n\n6. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nBugs addressed:\n\n* clusters belong to global clusterset is not selected by placement when\nrescheduling (BZ# 2129679)\n\n* RHACM 2.6.3 images (BZ# 2139085)\n\nSecurity fixes:\n\n* CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function \n Security\n\n* CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML\nresponses containing multiple Assertion elements\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2129679 - clusters belong to global clusterset is not selected by placement when rescheduling\n2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function\n2139085 - RHACM 2.6.3 images\n2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2022-22629" }, { "db": "ZDI", "id": "ZDI-22-517" }, { "db": "VULHUB", "id": "VHN-411257" }, { "db": "PACKETSTORM", "id": "166316" }, { "db": "PACKETSTORM", "id": "166314" }, { "db": "PACKETSTORM", "id": "169374" }, { "db": "PACKETSTORM", "id": "170083" }, { "db": "PACKETSTORM", "id": "170162" }, { "db": "PACKETSTORM", "id": "170206" }, { "db": "PACKETSTORM", "id": "170741" }, { "db": "PACKETSTORM", "id": "171144" }, { "db": "PACKETSTORM", "id": "170242" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22629", "trust": 2.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15747", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-517", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166314", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "166316", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "171144", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "170210", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170956", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166318", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169920", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "171026", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168226", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169760", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166317", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169889", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170898", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-411257", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169374", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170083", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170162", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170206", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170741", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170242", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-517" }, { "db": "VULHUB", "id": "VHN-411257" }, { "db": "PACKETSTORM", "id": "166316" }, { "db": "PACKETSTORM", "id": "166314" }, { "db": "PACKETSTORM", "id": "169374" }, { "db": "PACKETSTORM", "id": "170083" }, { "db": "PACKETSTORM", "id": "170162" }, { "db": "PACKETSTORM", "id": "170206" }, { "db": "PACKETSTORM", "id": "170741" }, { "db": "PACKETSTORM", "id": "171144" }, { "db": "PACKETSTORM", "id": "170242" }, { "db": "NVD", "id": "CVE-2022-22629" } ] }, "id": "VAR-202203-0145", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-411257" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:26:46.093000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://support.apple.com/en-us/ht213187" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-517" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-411257" }, { "db": "NVD", "id": "CVE-2022-22629" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://support.apple.com/en-us/ht213187" }, { "trust": 1.1, "url": "https://support.apple.com/en-us/ht213182" }, { "trust": 1.1, "url": "https://support.apple.com/en-us/ht213183" }, { "trust": 1.1, "url": "https://support.apple.com/en-us/ht213186" }, { "trust": 1.1, "url": "https://support.apple.com/en-us/ht213188" }, { "trust": 1.1, "url": "https://support.apple.com/en-us/ht213193" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-1304" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-26700" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-26716" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-26710" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-22629" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-26719" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-26717" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-22662" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-27404" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-22624" }, { "trust": 0.6, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-27406" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-26709" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-22628" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-27405" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-30293" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2016-3709" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-37434" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-2509" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-3515" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-35525" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-35527" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-2068" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-1927" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-1586" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-1897" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-25309" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-1785" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-2097" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-25310" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-34903" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-25308" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-1292" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-42898" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612" }, { "trust": 0.2, "url": "https://support.apple.com/en-us/ht201222." }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-0308" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-32208" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-30629" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-30698" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-30699" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-0256" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-20107" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-40674" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-24795" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-32206" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-38561" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0391" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0934" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22844" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-28390" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21619" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-24448" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-27950" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3640" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36558" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0854" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-20368" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0617" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0865" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0562" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-2586" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25255" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21624" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0168" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-30002" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36516" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1016" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-28893" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0854" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3640" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21618" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-2078" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0891" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0617" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21626" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-39399" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1852" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-36946" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1055" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-26373" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-2938" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1355" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0909" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1048" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36516" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0561" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0924" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23960" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36558" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0908" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-29581" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1184" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21499" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-2639" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21628" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-37603" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-3787" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609" }, { "trust": 0.1, "url": "https://support.apple.com/ht213186." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22670" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22641" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22634" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22637" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22666" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22636" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22640" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22638" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22635" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/download/" }, { "trust": 0.1, "url": "https://support.apple.com/ht213188." }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/wpewebkit" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-29154" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-38177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-28327" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24921" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:8750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-38178" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:8781" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-41715" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2879" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42003" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-32189" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2880" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42004" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-27664" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21618" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:8938" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21624" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21626" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-43565" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21619" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-27191" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:0408" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23772" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-28131" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-29526" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30633" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23773" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30630" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1962" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30635" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44716" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-32148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1798" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30631" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44717" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-35065" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-3775" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-46848" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23521" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-40303" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-43680" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42011" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2057" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42010" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-35065" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2023-21835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2869" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-41903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2058" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42920" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2867" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-35737" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24999" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23521" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2023-21843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2519" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-46175" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2868" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2058" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2057" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2056" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-41717" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:0934" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2056" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24999" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2519" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-37601" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2601" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-47629" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2023-21830" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-40304" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-42012" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36567" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2521" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0908" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-3517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0909" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0891" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-41912" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:9040" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-517" }, { "db": "VULHUB", "id": "VHN-411257" }, { "db": "PACKETSTORM", "id": "166316" }, { "db": "PACKETSTORM", "id": "166314" }, { "db": "PACKETSTORM", "id": "169374" }, { "db": "PACKETSTORM", "id": "170083" }, { "db": "PACKETSTORM", "id": "170162" }, { "db": "PACKETSTORM", "id": "170206" }, { "db": "PACKETSTORM", "id": "170741" }, { "db": "PACKETSTORM", "id": "171144" }, { "db": "PACKETSTORM", "id": "170242" }, { "db": "NVD", "id": "CVE-2022-22629" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-517" }, { "db": "VULHUB", "id": "VHN-411257" }, { "db": "PACKETSTORM", "id": "166316" }, { "db": "PACKETSTORM", "id": "166314" }, { "db": "PACKETSTORM", "id": "169374" }, { "db": "PACKETSTORM", "id": "170083" }, { "db": "PACKETSTORM", "id": "170162" }, { "db": "PACKETSTORM", "id": "170206" }, { "db": "PACKETSTORM", "id": "170741" }, { "db": "PACKETSTORM", "id": "171144" }, { "db": "PACKETSTORM", "id": "170242" }, { "db": "NVD", "id": "CVE-2022-22629" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-22T00:00:00", "db": "ZDI", "id": "ZDI-22-517" }, { "date": "2022-09-23T00:00:00", "db": "VULHUB", "id": "VHN-411257" }, { "date": "2022-03-15T15:46:52", "db": "PACKETSTORM", "id": "166316" }, { "date": "2022-03-15T15:46:09", "db": "PACKETSTORM", "id": "166314" }, { "date": "2022-04-28T19:12:00", "db": "PACKETSTORM", "id": "169374" }, { "date": "2022-12-02T15:57:08", "db": "PACKETSTORM", "id": "170083" }, { "date": "2022-12-08T16:34:22", "db": "PACKETSTORM", "id": "170162" }, { "date": "2022-12-13T17:13:48", "db": "PACKETSTORM", "id": "170206" }, { "date": "2023-01-26T15:29:09", "db": "PACKETSTORM", "id": "170741" }, { "date": "2023-02-28T16:03:55", "db": "PACKETSTORM", "id": "171144" }, { "date": "2022-12-15T15:34:35", "db": "PACKETSTORM", "id": "170242" }, { "date": "2022-09-23T20:15:09.307000", "db": "NVD", "id": "CVE-2022-22629" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-07-08T00:00:00", "db": "ZDI", "id": "ZDI-22-517" }, { "date": "2022-09-27T00:00:00", "db": "VULHUB", "id": "VHN-411257" }, { "date": "2022-09-27T04:48:41.080000", "db": "NVD", "id": "CVE-2022-22629" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple Safari WebGLMultiDraw Heap-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-517" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "overflow, code execution", "sources": [ { "db": "PACKETSTORM", "id": "166316" }, { "db": "PACKETSTORM", "id": "166314" } ], "trust": 0.2 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.